Re: What to do with jbig2dec in wheezy and jessie

To: Ola Lundqvist <ola@inguza.com>
Cc: Raphael Hertzog <hertzog@debian.org>, Debian LTS <debian-lts@lists.debian.org>, Debian Security Team <team@security.debian.org>, debian-printing@lists.debian.org, Jonas Smedegaard <dr@jones.dk>
Subject: Re: What to do with jbig2dec in wheezy and jessie
From: Luciano Bello <luciano@debian.org>
Date: Tue, 31 Jan 2017 23:48:08 -0500
Message-id: <[🔎] 1669265.PfsIaU1miV@box>
In-reply-to: <CABY6=0kSDP22y6RZYTcgkF5Wqk1NDR3iGFfWZG5DLiM9eBE59w@mail.gmail.com>
References: <20170126141459.2xdli67ld3ztp5bv@home.ouaza.com> <CABY6=0kSDP22y6RZYTcgkF5Wqk1NDR3iGFfWZG5DLiM9eBE59w@mail.gmail.com>

On Thursday, 26 January 2017 21:05:46 EST Ola Lundqvist wrote:
> > I started to work on fixing jbig2dec/wheezy for
> > https://security-tracker.debian.org/tracker/CVE-2016-9601 but
> > the patch that allegedly fixes the current issue is rather invasive
> > and while looking at the git history you will quickly see
> > that allmost all the changes since the version that we have in wheezy and
> > jessie are potential security issues that were never assigned any CVE:
> > http://git.ghostscript.com/?p=jbig2dec.git;a=shortlog

Hi Ola and Raphael,
 First, sorry for delay in the answer.
 About the jbig2dec, how can be sure that we are not breaking user programs 
linked to the lib?

/l

Reply to:

Follow-Ups:
- Re: What to do with jbig2dec in wheezy and jessie
  - From: Ola Lundqvist <ola@inguza.com>

Prev by Date: Re: Tools for testing LTS updates
Next by Date: Re: [Secure-testing-commits] r48631 - in data: . CVE
Previous by thread: Re: Tools for testing LTS updates
Next by thread: Re: What to do with jbig2dec in wheezy and jessie
Index(es):
- Date
- Thread