[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#910396: stretch-pu: package libgd2/2.2.4-2+deb9u3

Control: tags -1 - moreinfo

Hi Adam,

On Sat, Oct 06, 2018 at 10:59:38AM +0100, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
> 
> On Fri, 2018-10-05 at 22:56 +0200, Moritz Muehlenhoff wrote:
> > Two minor security issues fixed in libgd2, not worth a DSA. Debdiff
> > below.
> > 
> 
> They both appear to be unfixed in unstable, at least according to the
> Security Tracker.

That is right, the problem there is that libgd2 has several RC issues.
To help get the fixes for stretch in the 9.6 point release I have
prepared a NMU for unstable, adressing 1/ the both CVEs and 2/ the
suggested change from Adrian Bunk in #906840.

There will still be two RC bugs for libgd2, which I did not explicitly
wanted to take action on (one for the maintainer address, and one
spotted by the FTP masters), but hope the NMU can help here to get the
two CVE fixed for stretch.

Let me know though if you think that is not usefull/helpfull and I can
cancel the NMU.

Regards,
Salvatore
Reply to: