|
From: | GNU bug Tracking System |
Subject: | [debbugs-tracker] bug#27519: closed (Podofo security bugs) |
Date: | Mon, 04 Feb 2019 23:35:02 +0000 |
Your message dated Tue, 5 Feb 2019 00:34:01 +0100 with message-id <address@hidden> and subject line Re: Podofo security bugs has caused the debbugs.gnu.org bug report #27519, regarding Podofo security bugs to be marked as done. (If you believe you have received this mail in error, please contact address@hidden) -- 27519: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=27519 GNU Bug Tracking System Contact address@hidden with problems
--- Begin Message ---Subject: Podofo security bugs Date: Wed, 28 Jun 2017 11:49:23 -0400 User-agent: Mutt/1.8.3 (2017-05-23) There were some bugs with security implications reported in Podofo recently: http://seclists.org/oss-sec/2017/q2/0 http://seclists.org/oss-sec/2017/q2/1 http://seclists.org/oss-sec/2017/q2/2 I noticed some fixes committed to the Podofo SVN repo: https://sourceforge.net/p/podofo/mailman/podofo-svn/?viewmonth=201706 We need to try to cherry-pick these fixes.signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---Subject: Re: Podofo security bugs Date: Tue, 5 Feb 2019 00:34:01 +0100 User-agent: Mutt/1.11.2 (2019-01-07) We have since packaged a new release of PoDoFo (0.9.6) which apparently fixed many bugs. The PoDoFo team does not write changelogs or any sort of release announcement file. Their SVN repo includes several commits like "Fix CVE-XXX" followed by "Really fix CVE-XXX". Since PoDoFo is not widely used in Guix (only by calibre and Scribus), I'm not going to dig in to whether or not these bugs are really fixed or not in the current Guix package. At this point, this bug report is not helping us much, so I am closing it :)signature.asc
Description: PGP signature
--- End Message ---
[Prev in Thread] | Current Thread | [Next in Thread] |