emacs-bug-tracker
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debbugs-tracker] bug#27519: closed (Podofo security bugs)


From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#27519: closed (Podofo security bugs)
Date: Mon, 04 Feb 2019 23:35:02 +0000

Your message dated Tue, 5 Feb 2019 00:34:01 +0100
with message-id <address@hidden>
and subject line Re: Podofo security bugs
has caused the debbugs.gnu.org bug report #27519,
regarding Podofo security bugs
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
27519: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=27519
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message --- Subject: Podofo security bugs Date: Wed, 28 Jun 2017 11:49:23 -0400 User-agent: Mutt/1.8.3 (2017-05-23)
There were some bugs with security implications reported in Podofo
recently:

http://seclists.org/oss-sec/2017/q2/0
http://seclists.org/oss-sec/2017/q2/1
http://seclists.org/oss-sec/2017/q2/2

I noticed some fixes committed to the Podofo SVN repo:

https://sourceforge.net/p/podofo/mailman/podofo-svn/?viewmonth=201706

We need to try to cherry-pick these fixes.

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- Subject: Re: Podofo security bugs Date: Tue, 5 Feb 2019 00:34:01 +0100 User-agent: Mutt/1.11.2 (2019-01-07)
We have since packaged a new release of PoDoFo (0.9.6) which apparently
fixed many bugs.

The PoDoFo team does not write changelogs or any sort of release
announcement file. Their SVN repo includes several commits like "Fix
CVE-XXX" followed by "Really fix CVE-XXX".

Since PoDoFo is not widely used in Guix (only by calibre and Scribus),
I'm not going to dig in to whether or not these bugs are really fixed or
not in the current Guix package.

At this point, this bug report is not helping us much, so I am closing
it :)

Attachment: signature.asc
Description: PGP signature


--- End Message ---

reply via email to

[Prev in Thread] Current Thread [Next in Thread]