[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: potrace

> This is the potrace 0.14 diff, which supposedly resolves CVE-2016-8685
> and CVE-2016-8686 (which was previously described as not a bug in
> #843861).
> Unfortunately, it is somewhat large...
> https://github.com/skyrpex/potrace/commit/b3fce824046abcc0465deb5596d4556b132c77aa

It looks like most of the changes are not related to the CVEs.

And the part fixing CVE-2016-8685 is identical to the patch that was
already used in stretch (which is buggy in wheezy).


             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E

Reply to: