Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2

2016-02-23 Thread Laurent Destailleur (aka Eldy)
To fix open security holes in the dolibarr stable package, I prepared the following 3 patches. This patch is now already included in unstable. It fixes the following CVE: * Fix CVE-2016-1912 (Closes: #812496) * Fix CVE-2015-8685 (Closes: #812449) * Fix CVE-2015-3935 (Closes: #787762) This is the

Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2

2016-03-20 Thread Laurent Destailleur (aka Eldy)
Hi Adam. A fix was prepared to solve several CVE. The security team already answered me that they don't plan any DSA release for this patch. All fixes are already included in unstable. Can we push it into stable? It fixes the following CVE: * Fix CVE-2016-1912 (Closes: #812496) * Fix CVE-2015-8685 (Clo

Bug#861926: Acknowledgement (jessie-pu: package php-tcpdf/6.0.093+dfsg-1)

2017-05-06 Thread Laurent Destailleur (aka Eldy)
I made an error when copying and pasting the CVE number in my first request. The bug number was correct, so #814030, but the related CVE is CVE-2017-6100. Also, this is the full debdiff (I previously provided only the patch file): diff -Nru tcpdf-6.0.093+dfsg/debian/changelog tcpdf-6.0.093+dfsg/debian/ ch

Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2

2015-09-03 Thread Laurent Destailleur (aka Eldy)
Sorry. I didn't understand your answer (English is not my mother language). You are speaking about "unstable". I am speaking about pushing a CVE fix into stable 3.5.5. This fix is part of a patch that includes other fixes, and this patch is called 3.5.7. My question is can I push fix1 + fix2 + fix

Bug#776458: unblock: dolibarr/3.5.5+dfsg1-1

2015-02-15 Thread Laurent Destailleur (aka Eldy)
This is my point of view of what to do for this case: My first choice was to not send any unblock request. The reason is that the CVE needs a privileged account to be exploited, so it is not a high risk, and I would not like to bother anybody. However, Moritz Muehlenhoff asked me to provide a fix. A fix was al