Re: calibre / CVE-2018-7889

To: Antoine Beaupré <anarcat@orangeseeds.org>, Raphael Hertzog <hertzog@debian.org>
Cc: debian-lts@lists.debian.org, security@debian.org
Subject: Re: calibre / CVE-2018-7889
From: Brian May <bam@debian.org>
Date: Fri, 04 May 2018 16:59:43 +1000
Message-id: <[🔎] 87in839a8w.fsf@silverfish.pri>
In-reply-to: <[🔎] 87lgd18amt.fsf@silverfish.pri>
References: <87woxfbjvp.fsf@silverfish.pri> <87in8x326u.fsf@curie.anarc.at> <20180412081725.GB30420@home.ouaza.com> <87a7u83alh.fsf@curie.anarc.at> <87tvsbaam4.fsf@silverfish.pri> <8736zuyakb.fsf@curie.anarc.at> <87h8o9asva.fsf@silverfish.pri> <87po2wutrd.fsf@curie.anarc.at> <87muy0usv1.fsf@curie.anarc.at> <[🔎] 87lgd18amt.fsf@silverfish.pri>

CCed to security team.

Hello Security Team,

Upstream feel that the fix for this is to provide a warning to the
user. See:

https://lists.debian.org/debian-lts/2018/04/msg00098.html

(actually I can't find this warning in the code... but only a quick
search so far...)

However I don't think this is a real solution to the security
problem. As a result I am prone to mark this no-dsa in wheezy.

What do you think?
-- 
Brian May <bam@debian.org>

Reply to:

References:
- Re: calibre / CVE-2018-7889
  - From: Brian May <bam@debian.org>

Prev by Date: Re: upload ocaml
Next by Date: Re: wheezy-security (LTS) libclamav7's version is newer than jessie's
Previous by thread: Re: calibre / CVE-2018-7889
Next by thread: Re: [SECURITY] [DLA 1369-1] linux security update
Index(es):
- Date
- Thread