On Wed, Dec 07, 2005 at 02:00:55PM +0100, Jan Niehusmann wrote: > On Wed, Dec 07, 2005 at 11:42:08PM +1100, Hamish Moffatt wrote: > > merge 342281 342337 > Oops - I'm sorry, I missed that report.
That's ok, thanks for helping. > > The fixed version is an update to 3.01, not 3.00. > I know, but the patch applies to 3.00 without much trouble. Yes I have 3.00-13.1 ready to go now and will contact the security team about uploading it. > > #342281 is already fixed in unstable. sarge and woody fixes are pending > > (as we need to create our own patch). > > Ok, so you noticed that my analysis was not completely correct - while > the woody version indeed doesn't contain JPXStream.cc (and consequently, > the JPX stream reader bug doesn't exist in woody), the other security > holes (in Stream.cc) do exist in woody and need patching. I'll work on that next, but it won't be for a day or two due to time constraints. It looks like a bit more work that woody. You are welcome to work on it if you like. Regards Hamish -- Hamish Moffatt VK3SB <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
