[Pkg-phototools-devel] Bug#854978: closed by Debian FTP Masters <ftpmaster at ftp-master.debian.org> (reply to Andreas Tille <tille at debian.org>) (Bug#854978: fixed in netpbm-free 2:10.97.00-1)

Andreas Tille tille at debian.org
Sun Mar 13 21:02:15 GMT 2022


Hi Salvatore,

On Sun, Mar 13, 2022 at 09:33:01PM +0100, Salvatore Bonaccorso wrote:
> > On Sun, Mar 13, 2022 at 10:24:16AM +0000, Debian Bug Tracking System wrote:
> > >      CVE-2017-2579, CVE-2017-2580 and CVE-2017-2581 before 10.61 thus
> > >       - Closes: #854978
> > 
> > The before 10.61 is just because of the CVE description right? Note we
> > cannot rely on the CVE description, because they might reflect a
> > specific writing up in time and other aspects.
> > 
> > Do we have an upstream revision indicating that those issues are
> > really fixed?
> 
> For example, CVE-2017-2581 is probably
> https://sourceforge.net/p/netpbm/code/2989/ ? (which would only be in
> 10.78.05). So one really needs to be careful with description
> information and verify if those are true. If following the SuSE triage
> then *possibly* for two issues the fix is revision 2821 upstream,
> while for CVE-2017-2581 it would be the above.

I admit I just trusted the description without checking the code in
detail.  If you think this is wrong I'm perfectly fine if you reopen the
bug.
 
> Thanks for looking into the update!

It was obviously very long overdue and I did my best in the limited
time span I was able to spend on this package.

Kind regards

       Andreas.

-- 
http://fam-tille.de


