[xml/sgml-pkgs] Bug#679280: Bug#679280: CVE-2012-2807

Michael Gilbert mgilbert at debian.org
Mon Jul 2 21:08:01 UTC 2012


On Sun, Jul 1, 2012 at 3:55 AM, Aron Xu wrote:
>
> On Jul 1, 2012 5:24 AM, "Michael Gilbert" <mgilbert at debian.org> wrote:
>>
>> > I'm still investigating the problem and more details about it are
>> > welcomed, please don't NMU for either unstable or stable.
>>
>> Why?  This kind of statement requires some kind of justification (such
>> as the proposed commit is incomplete or wrong or something like that).
>> Otherwise, why slow down others trying to help?
>>
>> Best wishes,
>> Mike
>>
>
> Actually I am not very willing to apply a random patch without upstream
> acknowledgement or a clear statement of what problem it tries to fix. For
> this very issue, it is not clear to me what problem the solution is
> trying to mitigate, and at the same time it looks ugly, hard-coding a magic
> size of 1024*1024*512 without a proper description. So I ask people not to
> NMU and to give me more time to investigate.

As the new maintainer, you should probably request access to the
Chromium security mailing list since they tend to find a lot of the
security issues disclosed for libxml2.

Best wishes,
Mike




