Re: [Pkg-gmagick-im-team] Wheezy update of imagemagick?

2018-01-09 Thread Luciano Bello
On 2018-01-07 03:29, Chris Lamb wrote: > If you don't want to take care of this update, it's not a problem, we > will do our best with your package. Just let us know whether you would > like to review and/or test the updated package before it gets released. Please, update. You can go ahead and take

Re: What to do with jbig2dec in wheezy and jessie

2017-01-31 Thread Luciano Bello
On Thursday, 26 January 2017 21:05:46 EST Ola Lundqvist wrote: > > I started to work on fixing jbig2dec/wheezy for > > https://security-tracker.debian.org/tracker/CVE-2016-9601 but > > the patch that allegedly fixes the current issue is rather invasive > > and while looking at the git history you w

Re: graphicsmagick packaging

2016-10-13 Thread Luciano Bello
On Friday 14 October 2016 11.30.58 Brian May wrote: > I haven't looked yet at the additional security issues. Might get time > this evening. If you want to do so, feel free to do so. I have been avoiding that for weeks. I can wait, don't worry :) BTW, we don't have to fix all the issues together.

Re: graphicsmagick packaging

2016-10-13 Thread Luciano Bello
On Monday 10 October 2016 08.17.29 you wrote: > I realize that there are more security issues in graphicsmagick, which > may or may not apply to wheezy, however I plan to upload the above > version to wheezy-security, tomorrow. Then I will look into these > additional issues. Hi Brian, Did you

Re: graphicsmagick / CVE-2016-7447

2016-09-19 Thread Luciano Bello
On Monday 19 September 2016 18.25.31 Brian May wrote: > While the code is a significant improvement on the old code, does this > justify a security update? > > Possibly the answer is Yes, when combined with fixes for the other > security issues against graphicsmagick. Thought I should check here >

Re: CVE-2016-2839 / Firefox-ESR

2016-08-19 Thread Luciano Bello
On Friday 19 August 2016 17.39.02 Brian May wrote: > > All 45.3.0esr-1* versions are fixed, but this only actually affects when > > playing videos with ffmpeg 0.10 installed. *not* ffmpeg 1.0, *not* > > libav. So for most practical purposes, wheezy and jessie are not > > /really/ affected as long a

Re: imagemagick

2016-04-12 Thread Luciano Bello
On Monday 11 April 2016 09.12.58 Brian May wrote: > How can we avoid duplicating efforts like this? Rereading this thread it > looks like I wasn't the only one confused. I think I should have checked this before. I'm sorry for your frustration. Yesterday I released the DSA. Thanks for your work, l

Re: imagemagick

2016-04-09 Thread Luciano Bello
On Thursday 07 April 2016 12.36.12 Brian May wrote: > Found the problem. I didn't notice that this used ftp, and ftp is broken > on my network because I haven't needed it in ages and haven't noticed it > was broken. Great! I will release the DSA tomorrow. Thanks for your help, luciano

Re: imagemagick

2016-04-02 Thread Luciano Bello
On Saturday 26 March 2016 17.40.39 Brian May wrote: > > If you didn't get any other comment, feel free to upload to security > > master. I'm not part of the LTS team, but I guess you can also update > > there. I will release the DSA soon. > > Assume you mean both wheezy-security and jessie-securi

Re: imagemagick

2016-03-26 Thread Luciano Bello
On Saturday 26 March 2016 07.54.01 Salvatore Bonaccorso wrote: > > Assume you mean both wheezy-security and jessie-security versions? > > I guess yes, but Luciano has done the review. So please wait for his > confirmation here. Indeed. Thanks Salvatore for your comments. Cheers, luciano

Re: nss: CVE-2015-7181, CVE-2015-7182 and CVE-2015-4000 [was nss: CVE-2015-4000]

2016-03-25 Thread Luciano Bello
On Friday 25 March 2016 13.13.57 Antoine Beaupré wrote: > I don't know if Luciano did, but I looked at the patch and they are > okay, insofar as they match the upstream ones. Oh.. geez. This fell out of my table. Sorry. Two small comments, we usually use urgency=high (yes, even when I'm answering

Re: imagemagick

2016-03-24 Thread Luciano Bello
On Thursday 10 March 2016 13.39.31 Brian May wrote: > I have wheezy packages for testing: > https://people.debian.org/~bam/wheezy/imagemagick/ > > I also have jessie packages for testing: > https://people.debian.org/~bam/jessie/imagemagick/ Sorry for the delay in the answer here. I didn't test t

Re: imagemagick

2016-03-09 Thread Luciano Bello
On Tuesday 08 March 2016 13.53.07 Brian May wrote: > ... > > Do you think it is also possible to include the issues from > > TEMP-0811308-B63DA1? > > All but one of the patches fails to apply. Suspect this will be > non-trivial to fix. It is possible that this means the vulnerability > doesn't exist.

Re: imagemagick

2016-03-07 Thread Luciano Bello
On Sunday 06 March 2016 16.34.26 Brian May wrote: > The following patch applied to the imagemagick in Debian wheezy should > fix the security problem already resolved in squeeze. The patches have > been ported from the squeeze version. This is great! Thanks! Just a small comment, we usually use hi

Re: squeeze update of grub2?

2015-12-14 Thread Luciano Bello
On Monday 14 December 2015 14.15.23 Santiago Ruano Rincón wrote: > Luciano, I may upload them, unless you disagree or you want to do it by > yourself. Please go ahead! Thanks for your patch :) /luciano

Re: nss: CVE-2015-7181, CVE-2015-7182 and CVE-2015-4000 [was nss: CVE-2015-4000]

2015-12-10 Thread Luciano Bello
On Saturday 28 November 2015 14.16.33 Guido Günther wrote: > I've attached the patches for review. These also add some minimal > autopkgtest to exercise the ASN1 parser (affected by the above CVEs). > > I'm happy about any review. Thanks for your work and sorry for the delay in the answer. I wil