Hi Chris, * Chris Lamb <la...@debian.org> [2018-01-06 09:30]:
The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of poco: https://security-tracker.debian.org/tracker/source-package/poco
I've pushed a backported and tested version of the patch here: https://anonscm.debian.org/cgit/collab-maint/poco.git/log/?h=wheezy/CVE-2017-1000472Would be great if someone could review it (esp. the added isValidPath()).
Would you like to take care of this yourself?
Yes, I will continue along the wiki guide tomorrow evening.Btw. Does anyone know why the fix for CVE-2014-0350 is not backported wheezy?
Btw2. I prepared a patch for stretch as well, already: https://anonscm.debian.org/cgit/collab-maint/poco.git/log/?h=stretch/CVE-2017-1000472 Cheers Jochen
signature.asc
Description: PGP signature
