Bug#346856: security bug needs upload along with xlibs-dev transition Re: Bug#346856: intent to upload sponsored NMU to fix xlibs-dev bug

On Fri, Jan 20, 2006 at 08:43:09AM +0100, Thomas Viehmann wrote: > Jacob Luna Lundberg wrote: > > If you or Thomas can do the upload for me, that would be great. > > The updated version can be downloaded from: > > http://www.gnifty.net/code/xscorch/ > OK, I've built it and, should it pass my testin

Bug#346856: security bug needs upload along with xlibs-dev transition Re: Bug#346856: intent to upload sponsored NMU to fix xlibs-dev bug

Jacob Luna Lundberg wrote: > If you or Thomas can do the upload for me, that would be great. > The updated version can be downloaded from: > http://www.gnifty.net/code/xscorch/ OK, I've built it and, should it pass my testing, will upload. I took the liberty to document in the changelog that no cha

Bug#346856: security bug needs upload along with xlibs-dev transition Re: Bug#346856: intent to upload sponsored NMU to fix xlibs-dev bug

On Tue, Jan 17, 2006 at 10:45:05AM -0800, Jacob Luna Lundberg wrote: > On Tue, Jan 17, 2006 at 02:37:52AM -0800, Steve Langasek wrote: > > Well, I can't confirm this. Jacob, please consider the attached > > patch, which fixes some quoting issues in configure.ac and > > re-autoconfs the source. Co

Bug#346856: security bug needs upload along with xlibs-dev transition Re: Bug#346856: intent to upload sponsored NMU to fix xlibs-dev bug

On Tue, Jan 17, 2006 at 02:37:52AM -0800, Steve Langasek wrote: > Is it confirmed that this stack smash bug is a security vulnerability? > Not all are... I am not aware of any security issues with this stack smash. You can overwrite up to 10 chars of stack but I certainly don't know how I would

Bug#346856: security bug needs upload along with xlibs-dev transition Re: Bug#346856: intent to upload sponsored NMU to fix xlibs-dev bug

On Tue, Jan 17, 2006 at 09:21:12AM +0100, Thomas Viehmann wrote: > Justin Pryzby wrote: > > You might consider mailing on -mentors, asking for a one time sponsor; > > I'm mailing -qa for you right now. > > In fact, please do this asap, because of the stack smash bug. Also > > change urgency to at

Bug#346856: security bug needs upload along with xlibs-dev transition Re: Bug#346856: intent to upload sponsored NMU to fix xlibs-dev bug

Justin Pryzby wrote: > You might consider mailing on -mentors, asking for a one time sponsor; > I'm mailing -qa for you right now. > In fact, please do this asap, because of the stack smash bug. Also > change urgency to at least medium, and provide a patch to the security > team, since the packag

Bug#346856: security bug needs upload along with xlibs-dev transition Re: Bug#346856: intent to upload sponsored NMU to fix xlibs-dev bug

On Mon, Jan 16, 2006 at 03:36:30PM -0800, Jacob Luna Lundberg wrote: > On Mon, Jan 16, 2006 at 05:45:44PM -0500, Justin Pryzby wrote: > > I intend to NMU a fix for this bug sponsored by some member of the QA > > group; patch attached. My pbuild result of this patch was clean, and > > produced a bi

Bug#346856: intent to upload sponsored NMU to fix xlibs-dev bug

On Mon, Jan 16, 2006 at 05:45:44PM -0500, Justin Pryzby wrote: > I intend to NMU a fix for this bug sponsored by some member of the QA > group; patch attached. My pbuild result of this patch was clean, and > produced a binary package with expected debdiff output from the most > recent version in

Bug#346856: intent to upload sponsored NMU to fix xlibs-dev bug

package xscorch tag 346856 patch thanks I intend to NMU a fix for this bug sponsored by some member of the QA group; patch attached. My pbuild result of this patch was clean, and produced a binary package with expected debdiff output from the most recent version in sid. A build log is attached.