[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of icoutils?


I have now prepared an upload that fix four different CVEs. Well
different is a little much to say as two pairs of them are definitely
connected to each other.

In any case here is the prepared package:

The debdiff is available in that directory.

I have done a simple regression test of the patched wrestool (by
running it against putty.exe) and I can see no difference. I have not
tried to reproduce the reported problems. As I have applied the
upstream corrections as is (more or less) I expect upstream to have
done that kind of testing.

If no-one objects (and my regression test works out fine) I will
upload a correction in four days, that is on monday.

Best regards

// Ola

On 8 January 2017 at 09:39, Colin Watson <cjwatson@debian.org> wrote:
> On Sat, Jan 07, 2017 at 05:42:27PM +0000, Chris Lamb wrote:
>> Colin,
>> > I'm afraid I'm not going to have time to issue stable/LTS updates, but
>> > I've attached a patch to the bug which should be usable for this.
>> Thanks for letting us know! However, you didn't attach the patch — may I
>> assume you meant:
>>  https://anonscm.debian.org/git/users/cjwatson/icoutils.git/tree/debian/patches/check-offset-overflow.patch?id=aee501424b6b4234006415c9d2f802b52064e327
> I attached it to the bug, just not to my previous mail :-)
>   https://bugs.debian.org/cgi-bin/bugreport.cgi?att=4;bug=850017;filename=0001-Fix-check_offset-overflow-on-64-bit-systems.patch;msg=8
> But yes, much the same thing.
> Cheers,
> --
> Colin Watson                                       [cjwatson@debian.org]

 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /

Reply to: