Re: autotrace CVE-2016-7392

2016-09-12 Thread Brian May
Ben Hutchings writes: > Or with only parentheses added: > > XMALLOC(pstoedit_suffix_table, sizeof(char *) * (2 * (dd_tmp - dd_start) + 1)); Yes, that looks simpler. Confirmed this fixes the problem, at least on wheezy. Without patch: === cut === (wheezy-amd64-default)root@prune:/tmp/brian/t

Re: autotrace CVE-2016-7392

2016-09-12 Thread Brian May
Brian May writes: > Confirmed this fixes the problem, at least on wheezy. I have a package available for testing. https://people.debian.org/~bam/debian/pool/main/a/autotrace/ Attached is the debdiff. -- Brian May diff -Nru autotrace-0.31.1/debian/changelog autotrace-0.31.1/debian/changelog -

Re: wheezy update for libav

2016-09-12 Thread Markus Koschany
On 12.09.2016 00:46, Bálint Réczey wrote: > Hi Hugo, > > 2016-09-12 0:18 GMT+02:00 Hugo Lefeuvre: >> Hi, >> >> I'd like to prepare an LTS upload for libav[0]. The upstream patch for >> CVE-2016-7393 is very simple and could be grouped with patches from older >> analogous CVEs like CVE-2015-8662 i

Re: wheezy update for libav

2016-09-12 Thread Hugo Lefeuvre
Hi, > I'm counting 22 open CVEs for libav at the moment. Which of them do you > intend to address with your fixes? Do you mind working together with > Hugo Lefeuvre on some issues? I could imagine you both could pool your > resources together. (24 if we count the two issues marked no-dsa by the s

Re: wheezy update for libav

2016-09-12 Thread Moritz Muehlenhoff
On Mon, Sep 12, 2016 at 12:52:32PM +0200, Hugo Lefeuvre wrote: > Hi, > > > I'm counting 22 open CVEs for libav at the moment. Which of them do you > > intend to address with your fixes? Do you mind working together with > > Hugo Lefeuvre on some issues? I could imagine you both could pool your > >

Re: wheezy update for libav

2016-09-12 Thread Hugo Lefeuvre
Hi Moritz, > All of the issues marked don't have upstream fixes in the > sense that libav fixed them, only fixes in ffmpeg git. > > If you want to address them in oldstable/stable, you should get the libav > developers > to merge them first. Thanks for the advice. Indeed, it would be better

mysql-5.5 CVE-2016-6662

2016-09-12 Thread Brian May
Hello, I had a look at CVE-2016-6662. Looks pretty simple to understand. Looks like the ability for mysqld to create arbitrary log files - that may overwrite/create config files with write permissions for the mysql user - is a key factor. http://legalhackers.com/advisories/MySQL-Exploit-Remote-Ro

Re: mysql-5.5 CVE-2016-6662

2016-09-12 Thread Antoine Beaupré
On 2016-09-12 18:34:34, Brian May wrote: > Hello, > > I had a look at CVE-2016-6662. Looks pretty simple to understand. Looks > like the ability for mysqld to create arbitrary log files - that may > overwrite/create config files with write permissions for the mysql user > - is a key factor. > > htt

Questions regarding MySQL update

2016-09-12 Thread Roberto C. Sánchez
I was looking over the dla-needed.txt entries and saw that mysql-5.5 was in need of a DLA, so I claimed it. However, before I begin preparing the update, I thought I would ask a couple of questions to ensure that I understand clearly what needs to be done. Looking at the PTS and the history of th

Re: Wheezy update of icu?

2016-09-12 Thread Roberto C. Sánchez
On Sun, Sep 11, 2016 at 10:59:48AM +1000, Brian May wrote: > Raphael Hertzog writes: > > > I have put myself a note to review the internal documentation to ensure we > > have something about this. It would be good to have something in the wiki > > as well. > > > > Anyone should feel free to do it