[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of libofx?

Hi Thorsten,

Sorry, I am completely snowed under with private life. So, please go
ahead with libofx.
Some links that could save your time: [1] is the upstream patch
already apply in sid and buster. [2] is an example of ofx file that
crash libofx.

Best regards,

[1] https://anonscm.debian.org/git/pkg-gnucash/libofx.git/tree/debian/patches/CVE-2017-2816.patch
[2] https://bugzilla.novell.com/show_bug.cgi?id=CVE-2017-2816

2017-09-24 19:45 GMT+02:00 Thorsten Alteholz <debian@alteholz.de>:
> Hi Dylan,
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of libofx:
> https://security-tracker.debian.org/tracker/source-package/libofx
> Would you like to take care of this yourself?
> If yes, please follow the workflow we have defined here:
> https://wiki.debian.org/LTS/Development
> If that workflow is a burden to you, feel free to just prepare an
> updated source package and send it to debian-lts@lists.debian.org
> (via a debdiff, or with an URL pointing to the source package,
> or even with a pointer to your packaging repository), and the members
> of the LTS team will take care of the rest. Indicate clearly whether you
> have tested the updated package or not.
> If you don't want to take care of this update, it's not a problem, we
> will do our best with your package. Just let us know whether you would
> like to review and/or test the updated package before it gets released.
> You can also opt-out from receiving future similar emails in your
> answer and then the LTS Team will take care of libofx updates
> for the LTS releases.
> Thank you very much.
> Thorsten,
>   on behalf of the Debian LTS team.
> PS: A member of the LTS team might start working on this update at
> any point in time. You can verify whether someone is registered
> on this update in this file:
> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup

Reply to: