Control: forwarded -1 https://issues.apache.org/jira/browse/FOP-2668
On 2017-04-26 08:07:33, Mathieu Malaterre wrote: > Hi Ola, > > On Sun, Apr 23, 2017 at 9:46 PM, Ola Lundqvist <o...@inguza.com> wrote: >> Dear maintainer(s), >> >> The Debian LTS team would like to fix the security issues which are >> currently open in the Wheezy version of fop: >> https://security-tracker.debian.org/tracker/CVE-2017-5661 >> >> Would you like to take care of this yourself? > > The CVE is very unclear to me. It seems I need to upload fop 2.2 in > place of fop 2.1. Since we are in the middle of the freeze it does not > make much sense to make such upload in sid right now. I have found the upstream issue, for what it's worth. That may be helpful to backport a patch in jessie / sid. A. -- La publicité est la dictature invisible de notre société. - Jacques Ellul
