Hi Ola, The issues CVE-2016-8677 and CVE-2016-9559 were fixed by Antione when he uploaded that latest imagemagick update to LTS. However, the announcement (DLA-756-1) did not list those issues among the issues that were addressed by that update. I have already mentioned it to him a couple of days ago via private email.
Regards, -Roberto On Wed, Dec 28, 2016 at 09:39:42PM +0100, Ola Lundqvist wrote: > Hi > > We will handle it. Take care. > > // Ola > > On 28 December 2016 at 21:15, Bastien Roucaries > <roucaries.bast...@gmail.com> wrote: > > Take care for this time. I lack tome now (babies) > > > > > > Le 23 décembre 2016 23:32:17 GMT+01:00, Ola Lundqvist <o...@inguza.com> a > > écrit : > >> > >> Hello dear maintainer(s), > >> > >> the Debian LTS team would like to fix the security issues which are > >> currently open in the Wheezy version of imagemagick: > >> https://security-tracker.debian.org/tracker/CVE-2016-8677 > >> https://security-tracker.debian.org/tracker/CVE-2016-9559 > >> > >> Would you like to take care of this yourself? > >> > >> If yes, please follow the workflow we have defined here: > >> https://wiki.debian.org/LTS/Development > >> > >> If that workflow is a burden to you, feel free to just prepare an > >> updated source package and send it to debian-lts@lists.debian.org > >> (via a debdiff, or with an URL pointing to the source package, > >> or even with a pointer to your packaging repository), and the members > >> of the LTS team will > >> take care of the rest. Indicate clearly whether you > >> have tested the updated package or not. > >> > >> If you don't want to take care of this update, it's not a problem, we > >> will do our best with your package. Just let us know whether you would > >> like to review and/or test the updated package before it gets released. > >> > >> You can also opt-out from receiving future similar emails in your > >> answer and then the LTS Team will take care of imagemagick updates > >> for the LTS releases. > >> > >> Thank you very much. > >> > >> Ola Lundqvist, > >> on behalf of the Debian LTS team. > >> > >> PS: A member of the LTS team might start working on this update at > >> any point in time. You can verify whether someone is registered > >> on this update in this file: > >> > >> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup > > > > > > -- > > Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté. > > > > -- > --- Inguza Technology AB --- MSc in Information Technology ---- > / o...@inguza.com Folkebogatan 26 \ > | o...@debian.org 654 68 KARLSTAD | > | http://inguza.com/ Mobile: +46 (0)70-332 1551 | > \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / > --------------------------------------------------------------- > -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com