Re: Wheezy update of calibre?

2017-03-15 Thread Antoine Beaupré 
On 2017-03-15 17:56:52, Brian May wrote:
> Antoine Beaupré  writes:
>
>> In particular, it seems likely that there are more undocumented but
>> public security issues in Calibre. See for example bug #853004:
>>
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853004
>>
>> But there may be more.
>
> I have had a look and not found anything new. I don't think it is worth
> delaying the update, we can issue new updates if we find additional
> problems.

agreed.

> I just posted a proposed and tested patch - as well as packages for
> testing - for wheezy-security - in the debian-lts mailing list.

thanks!

-- 
Nature hides her secret because of her essential loftiness, but not by
means of ruse.
   - Albert Einstein

Re: Wheezy update of calibre?

2017-03-15 Thread Brian May 
Antoine Beaupré  writes:

> In particular, it seems likely that there are more undocumented but
> public security issues in Calibre. See for example bug #853004:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853004
>
> But there may be more.

I have had a look and not found anything new. I don't think it is worth
delaying the update, we can issue new updates if we find additional
problems.

I just posted a proposed and tested patch - as well as packages for
testing - for wheezy-security - in the debian-lts mailing list.
-- 
Brian May

Re: Wheezy update of calibre?

2017-01-28 Thread Antoine Beaupré 
Just for the record: before packaging this update, we will need to
investigate the issue much further.

In particular, it seems likely that there are more undocumented but
public security issues in Calibre. See for example bug #853004:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853004

But there may be more.

A.

-- 
A lot of people never use their initiative because no-one told them to.
- Bansky