https://bugzilla.wikimedia.org/show_bug.cgi?id=55624

--- Comment #9 from Andre Klapper <[email protected]> ---
Faidon's comment on RT:

"So, I gave this a try.

Backporting poppler 0.24 from saucy/trusty is almost impossible, due to a
variety of complex build dependencies that would also need to be backported (at
least Qt4 & Qt5 -- not fun at all).

Backporting poppler 0.20 from Quantal seems a lot easier, however Quantal is only
going to get security support until April 2014, i.e. trusty's release date, and
it's unlikely we'll be able to move application servers from precise to trusty
that soon at exactly the release date.

poppler is a software package that gets CVEs often for vulnerabilities that are
relatively easy to exploit (someone uploading a malicious PDF) and would be
high impact (appservers). I feel very reluctant to maintain it on our own in
general, even more so an older version that no one supports or some backport of
0.20/0.24. It's not impossible, but it's certainly unpleasant.

Have you identified the patch that fixes the issue at hand? Maybe we could
backport this specifically to precise's 0.18 as a stopgap until we move to
trusty, sometime next year?"
