On Wed, 2015-12-30 at 20:19 +0800, Ying-Chun Liu (PaulLiu) wrote:
[...]
> I've made a patch. As attachment.

I don't think it's a complete fix, as it doesn't check that there's
enough space for the terminating null (or shift sequence, where needed).

> Should I just push it to unstable? Or I need to do some further steps
> before that?

You should probably coordinate with maintainers of other affected
packages, e.g. claws-mail. There is an upstream fix for claws-mail,
although it's not quite right (see my comment on security-tracker).

> I didn't see any bug numbers against macopix package for CVE-2015-8614.
> What's the best next step?

So far as I know it's not necessary to create a bug report, though
there's no harm in doing so.

Ben.

-- 
Ben Hutchings - Debian developer, member of Linux kernel and LTS teams