Re: CVE-2017-5617: svgSalamander
On 02/02/2017 07:44 AM, Sebastiaan Couwenberg wrote:
> Control: tags -1 pending
>
> On 02/01/2017 10:08 AM, Bas Couwenberg wrote:
>> On 2017-02-01 09:35, Bas Couwenberg wrote:
>>> Including the JOSM developers (josm-dev@openstreetmap.org) is also a
>>> good idea, they (and Vincent Privat in particular) have contributed
>>> patches to svgSalamander recently.
>>>
>>> I'll report the issue in the JOSM Trac since it also affects the
>>> embedded copy in their upstream SVN repo.
>>
>> JOSM issue: https://josm.openstreetmap.de/ticket/14319
>
> Vicent Privat has fixed the issue for JOSM, and I've added a patch to
> the svgsalamander Debian package with his changes.
>
> We may want to include the regression test too, but I'm not sure how
> that works in svgsalamander.
>
> If we can't do that easily, we should just keep the patch as-is without
> the regression tests that are included for JOSM.
I want the fixed package uploaded ASAP, preferably today because
tomorrow I leave for FOSDEM and aren't likely to be able to do an upload.
Felix, have you had a look at the patch?
Kind Regards,
Bas
--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
Reply to: