Bug#913702: libwpd: CVE-2018-19208

On Wed, Nov 14, 2018 at 09:50:19PM +0100, Salvatore Bonaccorso wrote: > Hi Rene, > > On Wed, Nov 14, 2018 at 09:22:04PM +0100, Rene Engelhard wrote: > > Hi, > > > > On Wed, Nov 14, 2018 at 08:19:05AM +0100, Salvatore Bonaccorso wrote: > > > [2] > > > https://src.fedoraproject.org/rpms/libwpd/blo

Bug#892590: Review graphite2

On Mon, Mar 19, 2018 at 05:04:17PM +0100, Rene Engelhard wrote: > I am not going over the .-release procedure for this, I'd have uploaded > to security, though, but... > > I don't think we should special-case our oldest, > soon-to-be-not-supported release. Agreed, it doesn't make sense to fix thi

Bug#892590: graphite2: CVE-2018-7999: null pointer dereference in Segment()

On Sun, Mar 11, 2018 at 02:02:22PM +0100, Rene Engelhard wrote: > Hi, > > On Sun, Mar 11, 2018 at 08:43:32AM +0100, Salvatore Bonaccorso wrote: > > CVE-2018-7999[0]: > > | In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference > > | vulnerability was found in Segment.cpp during a dumbRend

Bug#864366: CVE-2017-9433

On Wed, Jun 07, 2017 at 11:07:02PM +0200, Rene Engelhard wrote: > Hi, > > On Wed, Jun 07, 2017 at 06:13:05PM +0200, Moritz Muehlenhoff wrote: > > Source: libmwaw > > Severity: grave > > Tags: security > > > > Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9433 > > sid (and th

Re: Packaging Apache OpenOffice

Rene Engelhard schrieb: > And security needs to support both, I don't think that they would want to > do that either. If they were actually two versions of the codebase in the archive (which I have some doubts about, since [libre|open]office is one of the most complex packages in the archive), th