On Mon, 2016-09-12 at 08:30 +1000, Brian May wrote:
> Hello,
>
> Have had a look at CVE-2016-7392 in autotrace, from a quick glance at
> source code, the code does:
>
> XMALLOC(pstoedit_suffix_table, sizeof(char *) * 2 * (dd_tmp - dd_start) + 1);
>
> Which I believe is the same as:
>
> XMALLOC(
Hi Hugo,
2016-09-12 0:18 GMT+02:00 Hugo Lefeuvre:
> Hi,
>
> I'd like to prepare an LTS upload for libav[0]. The upstream patch for
> CVE-2016-7393 is very simple and could be grouped with patches from older
> analogous CVEs like CVE-2015-8662 in a broad LTS upload.
>
> Does anybody think it's a b
Hello,
Have had a look at CVE-2016-7392 in autotrace, from a quick glance at
source code, the code does:
XMALLOC(pstoedit_suffix_table, sizeof(char *) * 2 * (dd_tmp - dd_start) + 1);
Which I believe is the same as:
XMALLOC(pstoedit_suffix_table, (sizeof(char *) * 2 * (dd_tmp - dd_start)) + 1);
Hi,
I'd like to prepare an LTS upload for libav[0]. The upstream patch for
CVE-2016-7393 is very simple and could be grouped with patches from older
analogous CVEs like CVE-2015-8662 in a broad LTS upload.
Does anybody think it's a bad idea? These CVEs are minor security
issues, so we could also
On Sun, Sep 11, 2016 at 08:27:11PM +0200, Mateusz Łukasik wrote:
> > I think you also need to do the build with -sa, as you need to upload
> > the full sources to security-master.
>
> I pushed it to the mentors.
That wasn't really something for you, but more something for whoever
sponsors this.
T
On 10.09.2016 14:57 +0200, Mattia Rizzolo wrote:
Dear LTS team, Mateusz:
Hi Mattia!
On Thu, Jun 16, 2016 at 09:12:47AM +0200, Adam Borowski wrote:
On Thu, Jun 16, 2016 at 06:53:49AM +, Gianfranco Costamagna wrote:
Hi Adam,
(answering in general, not in this particular situation)
I'v
Hi Hugo,
2016-09-11 10:23 GMT+02:00 Hugo Lefeuvre:
> Hi,
>
> I've got nothing from the QEMU team, and another security issue has
> been reported for qemu[0]. A patch for CVE-2016-7170 is available,
> but I'd like to wait for an upstream approval before doing anything.
> It may take some time.
OK
Hi,
I've got nothing from the QEMU team, and another security issue has
been reported for qemu[0]. A patch for CVE-2016-7170 is available,
but I'd like to wait for an upstream approval before doing anything.
It may take some time.
So, I'll upload my changes for CVE-2016-7116 now, and prepare an o