-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pierre Joye wrote: > On 1/2/07, Pierre Joye <[EMAIL PROTECTED]> wrote: >> Hi Jonas, >> >> While checking the current bug in debian libgd, I found the gnuplot >> one (#368096). > > I forgot to mention that it does not segfault using CVS but using debian > libgd.
I am happy to hear that. I was made aware of the new upstream CVS code only a few days ago, but has hesitated switching to that, as I found no mention of fixes to the following publicly announced security issues: CAN-2004-0990: http://bugs.debian.org/278625 CVE-2006-2906: http://bugs.debian.org/372912 Please confirm (preferrably directly to those bugreports) that the current code in fact is not vulnerable to those issues, and I will be most happy to switch. Kind regards, - Jonas - -- * Jonas Smedegaard - idealist og Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ - Enden er nær: http://www.shibumi.org/eoti.htm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFmiZkn7DbMsAkQLgRAnFWAJ4waIh3QyU34VZyayxEvjnxvIsY3wCfYfnh Nvfohi8cza+uo3yf7rvvAaU= =1pUx -----END PGP SIGNATURE-----
