CVE-2017-6311
Jeremy Bicha
jbicha at ubuntu.com
Wed Mar 22 21:24:42 UTC 2017
On Wed, Mar 22, 2017 at 10:59 AM, Jeremy Bicha <jbicha at ubuntu.com> wrote:
> I'm bumping Debian's gdk-pixbuf tracking bugs to serious for now so it
> won't automatically migrate to testing later unless we lower the
> severity again. (But this change wasn't intended for stretch anyway.)
I misunderstood the bugs here so I set the 3 existing gdk-pixbuf bugs
back to their previous status.
Salvatore, it would have been useful if you had opened a Debian bug
for this CVE and you could have at least temporarily set it to
Serious.
I've done this for you at https://bugs.debian.org/858491
Could you check if stretch's gnome-desktop3 has the same
vulnerability? If so, it doesn't make sense to block the gdk-pixbuf
thumbnailer.
Thanks,
Jeremy Bicha
More information about the pkg-gnome-maintainers
mailing list