Hi, I have now prepared an upload that fixes four different CVEs. Well, different is a little much to say, as two pairs of them are definitely connected to each other.
In any case, here is the prepared package:
http://apt.inguza.net/wheezy-security/icoutils

The debdiff is available in that directory.

I have done a simple regression test of the patched wrestool (by running it against putty.exe) and I can see no difference. I have not tried to reproduce the reported problems. As I have applied the upstream corrections as is (more or less), I expect upstream to have done that kind of testing.

If no-one objects (and my regression test works out fine) I will upload a correction in four days, that is on Monday.

Best regards

// Ola

On 8 January 2017 at 09:39, Colin Watson <cjwat...@debian.org> wrote:
> On Sat, Jan 07, 2017 at 05:42:27PM +0000, Chris Lamb wrote:
>> Colin,
>>
>> > I'm afraid I'm not going to have time to issue stable/LTS updates, but
>> > I've attached a patch to the bug which should be usable for this.
>>
>> Thanks for letting us know! However, you didn't attach the patch — may I
>> assume you meant:
>>
>> https://anonscm.debian.org/git/users/cjwatson/icoutils.git/tree/debian/patches/check-offset-overflow.patch?id=aee501424b6b4234006415c9d2f802b52064e327
>
> I attached it to the bug, just not to my previous mail :-)
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?att=4;bug=850017;filename=0001-Fix-check_offset-overflow-on-64-bit-systems.patch;msg=8
>
> But yes, much the same thing.
>
> Cheers,
>
> --
> Colin Watson [cjwat...@debian.org]
>

--
 --- Inguza Technology AB --- MSc in Information Technology ----
/  o...@inguza.com                    Folkebogatan 26            \
|  o...@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------