[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: tre package ready for testing

Hi Antoine,

On 26/10/16 19:43, Antoine Beaupré wrote:
> Hi Santiago (and others),
> 
> I have prepared a wheezy LTS security upload for tre here:
> 
> https://people.debian.org/~anarcat/debian/wheezy-lts/
> 
> The debdiff is attached to this message. I have also sent the ported
> patch to the following bug report:

+tre (0.8.0-3+deb7u1) UNRELEASED; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * new patch to fix CVE-2016-8859
+
+ -- Antoine Beaupré <anarcat@debian.org>  Wed, 26 Oct 2016 13:04:31 -0400

Probably s/Security/LTS/.

> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842169
> 
> I am not sure how to perform tests against tre, unfortunately, so I am
> not in a good position to test that package.

I don't know if there is a test case for this overflow, but at the very least,
you could do some basic testing on tre-agrep, which seems like a grep clone, and
make sure the basics still work?

Cheers,
Emilio
Reply to: