On Sun, Dec 21, 2014 at 03:08:00PM +0100, Salvatore Bonaccorso wrote:
> Hi Willi,
> 
> On Sun, Dec 14, 2014 at 10:10:58AM +0100, Willi Mann wrote:
> > Hi Dave,
> > 
> > does 0.21.7 solve both security issues reported? If yes, could you
> > send me the individual patches that fix these issues? The Debian branch
> > for the next stable distribution is already frozen, so I cannot fix
> > these bugs with new upstream versions.
> 
> The three required commits are referenced now in Red Hat's Bugzilla
> entry at [1].
> 
>  [1] https://bugzilla.redhat.com/show_bug.cgi?id=1170233
> 
> > Jean-Francois Dockes proposed fixes for both CVEs.
> > 
> > CVE-2014-9274 is addressed by
> > https://lists.gnu.org/archive/html/bug-unrtf/2014-12/msg00000.html
> > 
> > CVE-2014-9275 is addressed by
> > https://lists.gnu.org/archive/html/bug-unrtf/2014-12/msg00001.html
> > 
> > All three changes were incorporated upstream and shipped as a part of unrtf
> > 0.21.6. (http://hg.savannah.gnu.org/hgweb/unrtf/rev/891c2f431c90)
> 
> Regards,
> Salvatore

0.21.8 has just been released with a range of fixes.  We think all known
security issues have been addressed.  There is now a Mercurial repository
with a log file detailing changes.

cheers

Dave

-- 
David F. Davey
D'Entrecasteaux                                       Phone: +61 3 6267 4852
378 Manuka Road                                      Mobile: +61 428 674 852
Kettering                                               Fax: +61 3 6267 4791
Tasmania 7155
Australia                                            da...@windclimber.id.au

