Bug#818882: CVE-2015-8366

2016-04-18 Thread Tobias Frost
Hi Hubert, just building and will then upload it. Note: I changed urgency to high, because of the CVE. -- tobi Am Montag, den 18.04.2016, 11:18 -0400 schrieb Hubert Chathi: > On Fri, 15 Apr 2016 20:52:51 +0200, Tobias Frost > said: > > > > I am working on a package that fixes this issue.  I ju

Bug#818882: CVE-2015-8366

2016-04-18 Thread Hubert Chathi
On Fri, 15 Apr 2016 20:52:51 +0200, Tobias Frost said: >> I am working on a package that fixes this issue.  I just need to >> merge your last NMU.  I've just been busy this week at work, but I >> hope to have a package ready early next week.  And then I'll have to >> find a sponsor... >> >> (My

Bug#818882: CVE-2015-8366

2016-04-15 Thread Tobias Frost
> I am working on a package that fixes this issue.  I just need to > merge > your last NMU.  I've just been busy this week at work, but I hope to > have a package ready early next week.  And then I'll have to find a > sponsor... > > (My patch for this issue is > https://vcs.uhoreg.ca/git/cgit/deb

Bug#818882: CVE-2015-8366

2016-04-15 Thread Hubert Chathi
On Fri, 15 Apr 2016 18:18:11 +0200, Tobias Frost said: > Hallo Hubert, > you said before this is not applicabel to ufraw... Sorry if I was unclear: CVE-2015-8366 affects ufraw, but CVE-2015-8367 (another bug that libraw fixed at the same time) does not seem to affect ufraw. > (libpng transisti

Bug#818882: CVE-2015-8366

2016-04-15 Thread Gianfranco Costamagna
Hi Tobias, > Would it then be in order to close or downgrade this bug? > > (libpng transistion willl be delayed if ufraw cannot enter testing) > it has no version, and also testing is affected. it should migrate anyway, because it won't "introduce" this RC bug (testing is prevented when sid has

Bug#818882: CVE-2015-8366

2016-04-15 Thread Tobias Frost
Package: src:ufraw Followup-For: Bug #818882 Hallo Hubert, you said before this is not applicabel to ufraw... Would it then be in order to close or downgrade this bug? (libpng transistion willl be delayed if ufraw cannot enter testing) -- tobi -- System Information: Debian Release: 8.3 APT

Bug#818882: CVE-2015-8366

2016-04-03 Thread Hubert Chathi
On Sun, 03 Apr 2016 10:54:08 -0400, Hubert Chathi said: > On Mon, 21 Mar 2016 12:06:38 +0100, Moritz Muehlenhoff > said: >> CVE-2015-8366 in dcraw also affects ufraw. The dcraw upstream fix is >> https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2 > It looks like uf

Bug#818882: CVE-2015-8366

2016-04-03 Thread Hubert Chathi
On Mon, 21 Mar 2016 12:06:38 +0100, Moritz Muehlenhoff said: > CVE-2015-8366 in dcraw also affects ufraw. The dcraw upstream fix is > https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2 It looks like ufraw (and probably all other dcraw-derived packages) is also affec

Bug#818882: CVE-2015-8366

2016-03-21 Thread Moritz Muehlenhoff
Source: ufraw Severity: grave Tags: security CVE-2015-8366 in dcraw also affects ufraw. The dcraw upstream fix is https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2 Cheers, Moritz