[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: backport of CVE-2010-3364 to vips/nip2 in testing

On Sun, 2010-10-10 at 15:29 -0400, Jay Berkenbilt wrote:
> The bug reported in bug 598296 is the security vulnerability
> CVE-2010-3364.  The bug was reported against vips 7.22, but it actually
> affects both vips and nip2, and it is present in all previous versions.
> Its fix is a simple change to some wrapper shell scripts.  The versions
> currently in unstable include upstream's fix to the bug, but the
> unstable versions have no possibility of migrating to testing since they
> are new upstream versions and depend on other things that are not going
> to transition.
> I have prepared new versions for testing, but as per your
> instructions, I have not uploaded them. (Anyway, I don't have a clean
> testing chroot set up at the moment, though I can always make one.)
> I'm attaching my diffs to this email.

Sorry for the delay in getting back to you about this.

Personally, I'd just have used ${foo:+foo} as you mentioned in #598296,
but if you'd prefer to use upstream's fix then that's fine; please go
ahead with the uploads to tpu.



Reply to: