[xml/sgml-pkgs] Bug#679280: Bug#679280: Bug#679280: CVE-2012-2807

Tue Jul 3 05:08:37 UTC 2012

Frankly, I can't understand what the patch did.

On Tue, Jul 3, 2012 at 5:08 AM, Michael Gilbert <mgilbert at debian.org> wrote:
> On Sun, Jul 1, 2012 at 3:55 AM, Aron Xu wrote:
>>
>> On Jul 1, 2012 5:24 AM, "Michael Gilbert" <mgilbert at debian.org> wrote:
>>>
>>> > I'm still investigating the problem and more details about it are
>>> > welcomed, please don't NMU for either unstable or stable.
>>>
>>> Why?  This kind of statement requires some kind of justification (such
>>> as the proposed commit is incomplete or wrong or something like that).
>>>  Otherwise, why slow down others trying to help?
>>>
>>> Best wishes,
>>> Mike
>>>
>>
>> Actually I am not very willing to apply random patch without upstream
>> acknowledgement or a clear statement of what problem it tries to fix. For
>> this very issue, the solution is not clear to me about what problem it's
>> trying to mitigate, and at the same time looks ugly on hard coding a magic
>> size of 1024*1024*512 without a proper description. So I ask people don't
>> NMU and give me more time to investigate.
>
> As the new maintainer, you should probably request access to the
> chromium security mailing list since they tend to find a lot of the
> security issues disclosed for libxml2.
>
> Best wishes,
> Mike
>
>
>
> _______________________________________________
> debian-xml-sgml-pkgs mailing list
> debian-xml-sgml-pkgs at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-xml-sgml-pkgs

-- 
YunQiang Su