Re: Wheezy update of irssi?

2017-09-05 Thread Lucas Kanashiro
Hi,

On Tue, 2017-09-05 at 14:12 +0200, Rhonda D'Vine wrote:
> maybe you should look into the git repository of the package instead of
> assuming what I might mean. Because like written, I specifically mean
> CVE-2017-10965 and CVE-2017-10966 which are fixed in the package that I
> uploaded

Re: Wheezy update of irssi?

2017-09-05 Thread Rhonda D'Vine
Dear Lucas, maybe you should look into the git repository of the package instead of assuming what I might mean. Because like written, I specifically mean CVE-2017-10965 and CVE-2017-10966 which are fixed in the package that I uploaded to stretch-proposed and was approved (see #870659). It is

Re: Wheezy update of irssi?

2017-09-05 Thread Lucas Kanashiro
Hi Rhonda, The 2 CVEs that I marked as no DSA, security team did the same for stretch: CVE-2017-10965 and CVE-2017-1066. Probably you are talking about CVE-2017-5393 and CVE-2017-5394, maybe CVE-2017-5356. Those were marked as no DSA by another member of the team (LTS and/or security), so I did not in

Re: Wheezy update of irssi?

2017-09-05 Thread Rhonda D'Vine
Hi, erm, those two are already in the stretch-proposed-updates, it shouldn't be much of a burden to carry that over to jessie and then wheezy. If you really think of leaving those out while they are readily available this looks kinda strange to me, and is just wasted effort because I will hav

Re: August Report

2017-09-05 Thread Roberto C . Sánchez
On Tue, Sep 05, 2017 at 10:30:03AM +0200, Raphael Hertzog wrote:
> On Sun, 03 Sep 2017, Hugo Lefeuvre wrote:
> >These CVEs are especially difficult to reproduce because wheezy's gcc
> >doesn't have asan and reproduction conditions might require a specific
> >setup.
>
> FWIW, I have bee

Re: August Report

2017-09-05 Thread Raphael Hertzog
On Sun, 03 Sep 2017, Hugo Lefeuvre wrote:
>These CVEs are especially difficult to reproduce because wheezy's gcc
>doesn't have asan and reproduction conditions might require a specific
>setup.

FWIW, I have been able to reproduce quite a few issues detected by ASAN with valgrind which d