Re: Wheezy update of poco?

To: Chris Lamb <lamby@debian.org>
Cc: poco@packages.debian.org, debian-lts@lists.debian.org
Subject: Re: Wheezy update of poco?
From: Jochen Sprickerhof <jspricke@debian.org>
Date: Sun, 7 Jan 2018 09:09:27 +0100
Message-id: <[🔎] 20180107080927.GI17182@vis>
In-reply-to: <[🔎] 1515231027.914703.1226136712.766BC905@webmail.messagingengine.com>
References: <[🔎] 1515231027.914703.1226136712.766BC905@webmail.messagingengine.com>

Hi Chris,

* Chris Lamb <lamby@debian.org> [2018-01-06 09:30]:

The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of poco:
https://security-tracker.debian.org/tracker/source-package/poco


I've pushed a backported and tested version of the patch here:

https://anonscm.debian.org/cgit/collab-maint/poco.git/log/?h=wheezy/CVE-2017-1000472

Would be great if someone could review it (esp. the addedisValidPath()).

Would you like to take care of this yourself?


Yes, I will continue along the wiki guide tomorrow evening.

Btw. Does anyone know why the fix for CVE-2014-0350 is not backportedwheezy?


Btw2. I prepared a patch for stretch as well, already:

https://anonscm.debian.org/cgit/collab-maint/poco.git/log/?h=stretch/CVE-2017-1000472

Cheers Jochen

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Wheezy update of poco?
  - From: Chris Lamb <lamby@debian.org>

References:
- Wheezy update of poco?
  - From: Chris Lamb <lamby@debian.org>

Prev by Date: Re: Wheezy update of gifsicle?
Next by Date: Wheezy update of plexus-utils & plexus-utils2?
Previous by thread: Wheezy update of poco?
Next by thread: Re: Wheezy update of poco?
Index(es):
- Date
- Thread