Re: Wheezy update of jbig2dec?

To: Chris Lamb <lamby@debian.org>
Cc: debian-lts@lists.debian.org, Debian Printing Team <debian-printing@lists.debian.org>
Subject: Re: Wheezy update of jbig2dec?
From: Didier 'OdyX' Raboud <odyx@debian.org>
Date: Fri, 06 Jan 2017 13:44:26 +0100
Message-id: <[🔎] 2247691.3yGqR9BZV7@odyx.org>
In-reply-to: <[🔎] 1483684138.2649064.839050369.60096758@webmail.messagingengine.com>
References: <[🔎] 1483684138.2649064.839050369.60096758@webmail.messagingengine.com>

Hi Chris,

Le vendredi, 6 janvier 2017, 06.28:58 h CET Chris Lamb a écrit :
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of jbig2dec:
> https://security-tracker.debian.org/tracker/source-package/jbig2dec
> 
> Would you like to take care of this yourself?

If you are referring to [CVE-2016-9601], it seems quite premature to fix this 
in Wheezy, as according to [GS:697457], there is currently no upstream fix 
available (so all our releases are apparently affected).

I am not going to write a fix for that myself, at least, but feel free to 
coordinate this with upstream!

-- 
Cheers,
    OdyX

[CVE-2016-9601] https://security-tracker.debian.org/tracker/CVE-2016-9601
[GS:697457] https://bugs.ghostscript.com/show_bug.cgi?id=697457

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

References:
- Wheezy update of jbig2dec?
  - From: Chris Lamb <lamby@debian.org>

Prev by Date: Processed: administrativia
Next by Date: Bug#850497: jbig2dec: CVE-2016-9601: Heap-buffer overflow due to Integer overflow in jbig2_image_new function
Previous by thread: Wheezy update of jbig2dec?
Next by thread: Processed: administrativia
Index(es):
- Date
- Thread