Re: CVE-2017-9935 / tiff

I added a comment to the upstream bug report: http://bugzilla.maptools.org/show_bug.cgi?id=2704#c14 -- Brian May

About libreoffice CVE

Hello Emilio, as the libreoffice entry is the oldest one without update[1] I decided to take a look at the issues (even though it's assigned to you). For CVE-2017-12607 I believe that wheezy is not affected as the patch shown below merely ensures that nLevelAnz does not overflow nMaxPPTLevels (=

Re: About libreoffice CVE

On Tue, Nov 14, 2017 at 04:48:48PM +0100, Raphael Hertzog wrote: > Package: libreoffice > Claimed-By: Emilio Pozuelo > Claimed-Date: 2017-05-31 17:29 (166 days ago) There's some data error, CVE-2017-12607 and CVE-2017-12608 were only disclosed on Oct 27. Cheers, Moritz

Re: About libreoffice CVE

On 14/11/17 17:02, Moritz Mühlenhoff wrote: > On Tue, Nov 14, 2017 at 04:48:48PM +0100, Raphael Hertzog wrote: >> Package: libreoffice >> Claimed-By: Emilio Pozuelo >> Claimed-Date: 2017-05-31 17:29 (166 days ago) > > There's some data error, CVE-2017-12607 and CVE-2017-12608 were only >

Notes on building with ASAN

All, Some of the last few updates I have done have required building the package with ASAN in order to reproduce the bug and/or confirm the fix. After some searches did not come up with anything that captured the issues I have encountered, I have written up some notes [0] on building packages

Re: Notes on building with ASAN

On 2017-11-14 08:58:33, Roberto C. Sánchez wrote: > All, > > Some of the last few updates I have done have required building the > package with ASAN in order to reproduce the bug and/or confirm the fix. > > After some searches did not come up with anything that captured the > issues I have