Re: Wheezy update of imagemagick?
The issues CVE-2016-8677 and CVE-2016-9559 were fixed by Antione when he
uploaded that latest imagemagick update to LTS. However, the
announcement (DLA-756-1) did not list those issues among the issues that
were addressed by that update. I have already mentioned it to him a
couple of days ago via private email.
On Wed, Dec 28, 2016 at 09:39:42PM +0100, Ola Lundqvist wrote:
> We will handle it. Take care.
> // Ola
> On 28 December 2016 at 21:15, Bastien Roucaries
> <firstname.lastname@example.org> wrote:
> > Take care for this time. I lack tome now (babies)
> > Le 23 décembre 2016 23:32:17 GMT+01:00, Ola Lundqvist <email@example.com> a
> > écrit :
> >> Hello dear maintainer(s),
> >> the Debian LTS team would like to fix the security issues which are
> >> currently open in the Wheezy version of imagemagick:
> >> https://security-tracker.debian.org/tracker/CVE-2016-8677
> >> https://security-tracker.debian.org/tracker/CVE-2016-9559
> >> Would you like to take care of this yourself?
> >> If yes, please follow the workflow we have defined here:
> >> https://wiki.debian.org/LTS/Development
> >> If that workflow is a burden to you, feel free to just prepare an
> >> updated source package and send it to firstname.lastname@example.org
> >> (via a debdiff, or with an URL pointing to the source package,
> >> or even with a pointer to your packaging repository), and the members
> >> of the LTS team will
> >> take care of the rest. Indicate clearly whether you
> >> have tested the updated package or not.
> >> If you don't want to take care of this update, it's not a problem, we
> >> will do our best with your package. Just let us know whether you would
> >> like to review and/or test the updated package before it gets released.
> >> You can also opt-out from receiving future similar emails in your
> >> answer and then the LTS Team will take care of imagemagick updates
> >> for the LTS releases.
> >> Thank you very much.
> >> Ola Lundqvist,
> >> on behalf of the Debian LTS team.
> >> PS: A member of the LTS team might start working on this update at
> >> any point in time. You can verify whether someone is registered
> >> on this update in this file:
> >> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
> > --
> > Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.
> --- Inguza Technology AB --- MSc in Information Technology ----
> / email@example.com Folkebogatan 26 \
> | firstname.lastname@example.org 654 68 KARLSTAD |
> | http://inguza.com/ Mobile: +46 (0)70-332 1551 |
> \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
Roberto C. Sánchez