Re: [SECURITY] [DLA 1602-1] nsis security update

To: debian-lts@lists.debian.org
Subject: Re: [SECURITY] [DLA 1602-1] nsis security update
From: Paul Wise <pabs@debian.org>
Date: Sat, 1 Dec 2018 07:07:08 +0800
Message-id: <[🔎] CAKTje6HhsH3_nWOSP17YmMj4w-R3m0fLj8Yi-KngmHvK0VzZjQ@mail.gmail.com>
In-reply-to: <alpine.DEB.2.20.1811302322090.27678@jupiter.server.alteholz.net>
References: <alpine.DEB.2.20.1811302322090.27678@jupiter.server.alteholz.net>

On Sat, Dec 1, 2018 at 6:35 AM Thorsten Alteholz wrote:

> Package        : nsis
> Version        : 2.46-10+deb8u1
> CVE ID         : CVE-2015-9267 CVE-2015-9268
>
> Among others, Andre Heinicke from gpg4win.org found several issues of
> nsis, a tool for creating quick and user friendly installers for
> Microsoft Windows operating systems.

I note that the Debian package win32-loader (and the corresponding
.exe version) likely need to be rebuilt using the fixed version of
NSIS. I suggest that a note of this be made somewhere in the security
tracker repository so that any future fixes also get corresponding
win32-loader rebuilds. There are no other reverse build-deps at this
time but the note should mention that most likely all reverse
build-deps need to be rebuilt, since nsis is a toolchainish package.

http://ftp.debian.org/debian/tools/win32-loader/oldstable/

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Reply to:

Prev by Date: Re: not many tasks in dla-needed.txt, is extra CVE triaging required
Previous by thread: Re: not many tasks in dla-needed.txt, is extra CVE triaging required
Index(es):
- Date
- Thread