Hi Antoine, On 26/10/16 19:43, Antoine Beaupré wrote: > Hi Santiago (and others), > > I have prepared a wheezy LTS security upload for tre here: > > https://people.debian.org/~anarcat/debian/wheezy-lts/ > > The debdiff is attached to this message. I have also sent the ported > patch to the following bug report:
+tre (0.8.0-3+deb7u1) UNRELEASED; urgency=high + + * Non-maintainer upload by the Security Team. + * new patch to fix CVE-2016-8859 + + -- Antoine Beaupré <anar...@debian.org> Wed, 26 Oct 2016 13:04:31 -0400 Probably s/Security/LTS/. > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842169 > > I am not sure how to perform tests against tre, unfortunately, so I am > not in a good position to test that package. I don't know if there is a test case for this overflow, but at the very least, you could do some basic testing on tre-agrep, which seems like a grep clone, and make sure the basics still work? Cheers, Emilio
