[Pkg-privacy-maintainers] Fixing MAT bug #826101 in Jessie [Was: mat bug #826101 in Wheezy (embeded images in PDFs)]
intrigeri
intrigeri at debian.org
Mon Oct 24 11:49:14 UTC 2016
Hi security team!
[dropping debian-lts at l.d.o from the list of recipients]
Context: this is about
https://security-tracker.debian.org/tracker/TEMP-0826101-4D75EC
that was "fixed" in sid and wheezy-security already.
intrigeri:
> Jonas Meurer:
>> Am 22.09.2016 um 09:48 schrieb intrigeri:
>> As you might have noticed: I finally uploaded mat 0.3.2-1+deb7u1 to
>> wheezy-security, disabling PDF support alltogether.
> Thanks!
>>> For Jessie (and wheezy-backports), I wanted to wait a bit first to
>>> give Julien (upstream) some time to fix the problem without disabling
>>> PDF support, and in a way that we can backport to (at least) Jessie.
>>> If there's no upstream fix available within a month from now, then
>>> I agree we should go ahead and do that in Jessie too. Julien, any ETA?
>> Given that Julien didn't reply to your mail yet and it doesn't seem like
>> a proper fix (e.g. a solution to anonymize metadata of embedded images
>> in PDFs) is underway, I suggest to go ahead with the dirty - but secure
>> - solution to disable PDF support at mat in Jessie as well.
> OK. I'd like to wait until the deadline I've set for Julien has been
> reached (that's in 11 days now), and then I can handle it either via
> DSA or jessie-pu, as the security team prefers.
I am preparing an updated package that disables PDF support for Jessie
as we speak.
I see that you've tagged this problem no-dsa on the security tracker.
Is this final, and therefore I should talk to the release team about
an upload to jessie-pu? Or is a DSA still an option?
Cheers,
--
intrigeri
More information about the Pkg-privacy-maintainers
mailing list