severity 929597 important thanks The fix from upstream is still not available. I am not feeling confident enough to provide a fix for this complex peace of code without breaking it.
Also reducing the severity. If the security team decides to keep it "grave" - feel free to revert it. Regards Anton Am Mo., 3. Juni 2019 um 20:23 Uhr schrieb Anton Gladky <[email protected]>: > > There is no upstream fix still available. > > I am planning to decrease the severity of > the ticket to normal and track it as a simple > security issue. > > Anton > > Am Mo., 27. Mai 2019 um 23:01 Uhr schrieb Anton Gladky <[email protected]>: > > > > CVE-2019-12214 does not affect buster and stretch. > > Jessie should be double checked because an older > > version is used there. > > > > Anton > > > > Am So., 26. Mai 2019 um 22:01 Uhr schrieb Anton Gladky <[email protected]>: > > > > > > Hi Moritz, > > > > > > thanks for the reporting. As far as I see, there is still > > > no available fix from upstream. > > > > > > Cheers > > > > > > Anton > > > > > > Am So., 26. Mai 2019 um 21:27 Uhr schrieb Moritz Muehlenhoff > > > <[email protected]>: > > > > > > > > Source: freeimage > > > > Severity: grave > > > > Tags: security > > > > > > > > Please see > > > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12211 > > > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12212 > > > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12213 > > > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12214 > > > > > > > > Cheers, > > > > Moritz > > > > > > > > -- > > > > debian-science-maintainers mailing list > > > > [email protected] > > > > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
