Re: potrace

To: Brian May <brian@linuxpenguins.xyz>
Cc: debian-lts@lists.debian.org
Subject: Re: potrace
From: Hugo Lefeuvre <hle@debian.org>
Date: Mon, 8 May 2017 10:03:03 +0200
Message-id: <[🔎] 20170508080303.pl4octz7ttv3jqqq@hle-laptop.local>
In-reply-to: <[🔎] 87fugfvllh.fsf@prune.linuxpenguins.xyz>
References: <[🔎] 87fugfvllh.fsf@prune.linuxpenguins.xyz>

> This is the potrace 0.14 diff, which supposedly resolves CVE-2016-8685
> and CVE-2016-8686 (which was previously described as not a bug in
> #843861).
> 
> Unfortunately, it is somewhat large...
> 
> https://github.com/skyrpex/potrace/commit/b3fce824046abcc0465deb5596d4556b132c77aa

It looks like most of the changes are not related to the CVEs.

And the part fixing CVE-2016-8685 is identical to the patch that was
already used in stretch (which is buggy in wheezy).

Cheers,
 Hugo

-- 
             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E

Reply to:

Follow-Ups:
- Re: potrace
  - From: Brian May <bam@debian.org>

References:
- potrace
  - From: Brian May <brian@linuxpenguins.xyz>

Prev by Date: potrace
Next by Date: Re: potrace
Previous by thread: potrace
Next by thread: Re: potrace
Index(es):
- Date
- Thread