On Sat, Dec 1, 2018 at 6:35 AM Thorsten Alteholz wrote: > Package : nsis > Version : 2.46-10+deb8u1 > CVE ID : CVE-2015-9267 CVE-2015-9268 > > Among others, Andre Heinicke from gpg4win.org found several issues of > nsis, a tool for creating quick and user friendly installers for > Microsoft Windows operating systems.
I note that the Debian package win32-loader (and the corresponding .exe version) likely need to be rebuilt using the fixed version of NSIS. I suggest that a note of this be made somewhere in the security tracker repository so that any future fixes also get corresponding win32-loader rebuilds. There are no other reverse build-deps at this time but the note should mention that most likely all reverse build-deps need to be rebuilt, since nsis is a toolchainish package. http://ftp.debian.org/debian/tools/win32-loader/oldstable/ -- bye, pabs https://wiki.debian.org/PaulWise
