Bug#853134: CVE-2017-5617: svgSalamander
Sebastiaan Couwenberg
sebastic at xs4all.nl
Fri Feb 3 08:33:45 UTC 2017
On 02/02/2017 07:09 PM, Sebastiaan Couwenberg wrote:
> On 02/02/2017 07:44 AM, Sebastiaan Couwenberg wrote:
>> On 02/01/2017 10:08 AM, Bas Couwenberg wrote:
>>> On 2017-02-01 09:35, Bas Couwenberg wrote:
>>>> Including the JOSM developers (josm-dev at openstreetmap.org) is also a
>>>> good idea, they (and Vincent Privat in particular) have contributed
>>>> patches to svgSalamander recently.
>>>>
>>>> I'll report the issue in the JOSM Trac since it also affects the
>>>> embedded copy in their upstream SVN repo.
>>>
>>> JOSM issue: https://josm.openstreetmap.de/ticket/14319
>>
>> Vincent Privat has fixed the issue for JOSM, and I've added a patch to
>> the svgsalamander Debian package with his changes.
>>
>> We may want to include the regression test too, but I'm not sure how
>> that works in svgsalamander.
>>
>> If we can't do that easily, we should just keep the patch as-is without
>> the regression tests that are included for JOSM.
>
> I want the fixed package uploaded ASAP, preferably today because
> tomorrow I leave for FOSDEM and am not likely to be able to do an upload.

I've uploaded the fixed svgsalamander to unstable, and also ported the
patch to the package in jessie & wheezy.

I'll coordinate with the security & LTS teams before uploading the
package for jessie & wheezy.

Kind Regards,

Bas
--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1