Re: CVE-2017-5617: svgSalamander
Control: tags -1 pending
On 02/01/2017 10:08 AM, Bas Couwenberg wrote:
> On 2017-02-01 09:35, Bas Couwenberg wrote:
>> Including the JOSM developers (email@example.com) is also a
>> good idea, they (and Vincent Privat in particular) have contributed
>> patches to svgSalamander recently.
>> I'll report the issue in the JOSM Trac since it also affects the
>> embedded copy in their upstream SVN repo.
> JOSM issue: https://josm.openstreetmap.de/ticket/14319
Vicent Privat has fixed the issue for JOSM, and I've added a patch to
the svgsalamander Debian package with his changes.
We may want to include the regression test too, but I'm not sure how
that works in svgsalamander.
If we can't do that easily, we should just keep the patch as-is without
the regression tests that are included for JOSM.
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1