Re: CVE-2017-5617: svgSalamander
On 02/02/2017 07:09 PM, Sebastiaan Couwenberg wrote:
> On 02/02/2017 07:44 AM, Sebastiaan Couwenberg wrote:
>> On 02/01/2017 10:08 AM, Bas Couwenberg wrote:
>>> On 2017-02-01 09:35, Bas Couwenberg wrote:
>>>> Including the JOSM developers (firstname.lastname@example.org) is also a
>>>> good idea, they (and Vincent Privat in particular) have contributed
>>>> patches to svgSalamander recently.
>>>> I'll report the issue in the JOSM Trac since it also affects the
>>>> embedded copy in their upstream SVN repo.
>>> JOSM issue: https://josm.openstreetmap.de/ticket/14319
>> Vicent Privat has fixed the issue for JOSM, and I've added a patch to
>> the svgsalamander Debian package with his changes.
>> We may want to include the regression test too, but I'm not sure how
>> that works in svgsalamander.
>> If we can't do that easily, we should just keep the patch as-is without
>> the regression tests that are included for JOSM.
> I want the fixed package uploaded ASAP, preferably today because
> tomorrow I leave for FOSDEM and aren't likely to be able to do an upload.
I've uploaded the fixed svgsalamander to unstable, and also ported the
patch to the package in jessie & wheezy.
I'll coordinate with the security & LTS teams before uploading to
package for jessie & wheezy.
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1