Hello Raphael, Am Donnerstag, den 20.04.2017, 16:55 +0200 schrieb Raphael Hertzog: > Hi Jörg, > > On Sat, 25 Feb 2017, Jörg Frings-Fürst wrote: > > > the Debian LTS team would like to fix the security issues which are > > > currently open in the Wheezy version of sane-backends: > > > https://security-tracker.debian.org/tracker/CVE-2017-6318 > > > > > > Would you like to take care of this yourself? > > > > Yes, I do it. > > > > At the moment I'm waiting for a response from upstream. I think the > > patch breaks with the intention of the buggy function. > > What's the status? More than 50 days elapsed already... and since you are > affected to the issue, nobody else from the LTS team is looking at it. > The packages for stretch/sid and jessie are uploaded to mentors and I ask my sponsor for a review. > I saw you tagged #854804 as pending but I have not seen any fix in the > packaging git repository: > https://anonscm.debian.org/cgit/collab-maint/sane-backends.git > The upstream fix this here[1]. > The issue has been marked "no-dsa" in jessie. Do you intend to upload > a stable upload for jessie? Yes I do. > > Cheers, CU Jörg [1] https://anonscm.debian.org/cgit/sane/sane-backends.git/commit/frontend/saned.c?id=42896939822b44f44ecd1b6d35afdfa4473ed35d -- New: GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB 30EE 09F8 9F3C 8CA1 D25D GPG key (long) : 09F89F3C8CA1D25D GPG Key : 8CA1D25D CAcert Key S/N : 0E:D4:56 Old pgp Key: BE581B6E (revoked since 2014-12-31). Jörg Frings-Fürst D-54470 Lieser Threema: SYR8SJXB Wire: @joergfringsfuerst IRC: j_f-f@freenode.net j_f-f@oftc.net My wish list: - Please send me a picture from the nature at your home.
Attachment:
signature.asc
Description: This is a digitally signed message part