Re: graphicsmagick / CVE-2016-7447

To: Luciano Bello <luciano@debian.org>, Brian May <brian@linuxpenguins.xyz>
Cc: Debian Security Team <team@security.debian.org>, debian-lts@lists.debian.org
Subject: Re: graphicsmagick / CVE-2016-7447
From: László Böszörményi (GCS) <gcs@debian.org>
Date: Mon, 19 Sep 2016 19:23:19 +0200
Message-id: <[🔎] CAKjSHr24w-Fc3eVfFEQB99jzyLxM8jkubE5HFbDjV+OtYTc5Gw@mail.gmail.com>
In-reply-to: <[🔎] 3357847.8JA21Eyi59@box>
References: <[🔎] 87zin4l2is.fsf@prune.linuxpenguins.xyz> <[🔎] 3357847.8JA21Eyi59@box>

On Mon, Sep 19, 2016 at 7:14 PM, Luciano Bello <luciano@debian.org> wrote:
> On Monday 19 September 2016 18.25.31 Brian May wrote:
>> While the code is a significant improvement on the old code, does this
>> justify a security update?
>>
>> Possibly the answer is Yes, when combined with fixes for the other
>> security issues against graphicsmagick. Thought I should check here
>> however.
>
> We have many pending issues with graphicsmagick, so we can definitely add this
> one in the list.
>
> Laszlo, are you still working on this?
 Do you mean updating Wheezy? As discussed with Raphaël, it's better
if I don't support it. Also, I've seen a discussion on LTS mailing
list that you don't have enough work, so it's fine with me to do it
yourself.
With the Jessie update, I've a big lag. :( Worked on other RC bugs and
Jessie PUs. :(

Regards,
Laszlo/GCS

Reply to:

References:
- graphicsmagick / CVE-2016-7447
  - From: Brian May <brian@linuxpenguins.xyz>
- Re: graphicsmagick / CVE-2016-7447
  - From: Luciano Bello <luciano@debian.org>

Prev by Date: Please use clean chroot (sbuild/pbuilder/etc.) for LTS uploads
Next by Date: Re: graphicsmagick / CVE-2016-7447
Previous by thread: Re: graphicsmagick / CVE-2016-7447
Next by thread: libarchive12: ldconfig warns that libarchive.so.12 is not a symbolic link
Index(es):
- Date
- Thread