clone 414045 -1 reopen -1 reassign -1 graphicsmagick notforwarded -1 thanks
Hi Larry, On Tue, Apr 03, 2007 at 10:36:40PM -0700, [EMAIL PROTECTED] wrote: > I suspect the RMs are ignoring it because it's tagged > security, and "we can always put out security fixes > post-release". > This bug sits in a misleading status, though, because > the patches I posted apply to both graphicsmagick and > libx11. So the BTS doesn't currently have an RC bug > applied to graphicsmagick. > I suggest you do the following: > - clone the bug to graphicsmagick > - add "patched" tags > - post clarifications (and links, maybe with md5sums) as to > what image files generate the two bugs. > I don't want to take those first two steps myself, > since IANADD, and I'd probably bungle them. If you want > to delegate the last step to me, I can do that. Well, you don't have to be a DD to make those changes; and anyway, there are plenty of eyeballs on the release-critical bugs who will help if you do misstep. :) Anyway, I've done the first two bits, the third seems like something for someone closer to the bug. I don't see any particular reason that graphicsmagick should be specially discriminated against by the security team when it comes to segfaults on untrusted input, so I'm leaving the severity at 'grave' for now. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
