Hi Willi,

On Sun, Dec 14, 2014 at 10:10:58AM +0100, Willi Mann wrote:
> Hi Dave,
> 
> does 0.21.7 solve both security issues reported? If yes, could you
> send me the individual patches that fix these issues? The Debian branch
> for the next stable distribution is already frozen, so I cannot fix
> these bugs with new upstream versions.

The three required commits are referenced now in Red Hat's Bugzilla
entry at [1].

 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1170233

> Jean-Francois Dockes proposed fixes for both CVEs.
> 
> CVE-2014-9274 is addressed by
> https://lists.gnu.org/archive/html/bug-unrtf/2014-12/msg00000.html
> 
> CVE-2014-9275 is addressed by
> https://lists.gnu.org/archive/html/bug-unrtf/2014-12/msg00001.html
> 
> All three changes were incorporated upstream and shipped as a part of unrtf
> 0.21.6. (http://hg.savannah.gnu.org/hgweb/unrtf/rev/891c2f431c90)

Regards,
Salvatore

