Bug#853134: CVE-2017-5617: svgSalamander

Sebastiaan Couwenberg sebastic at xs4all.nl
Thu Feb 2 06:44:50 UTC 2017


Control: tags -1 pending

On 02/01/2017 10:08 AM, Bas Couwenberg wrote:
> On 2017-02-01 09:35, Bas Couwenberg wrote:
>> Including the JOSM developers (josm-dev at openstreetmap.org) is also a
>> good idea, they (and Vincent Privat in particular) have contributed
>> patches to svgSalamander recently.
>>
>> I'll report the issue in the JOSM Trac since it also affects the
>> embedded copy in their upstream SVN repo.
> 
> JOSM issue: https://josm.openstreetmap.de/ticket/14319

Vicent Privat has fixed the issue for JOSM, and I've added a patch to
the svgsalamander Debian package with his changes.

We may want to include the regression test too, but I'm not sure how
that works in svgsalamander.

If we can't do that easily, we should just keep the patch as-is without
the regression tests that are included for JOSM.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1



More information about the pkg-java-maintainers mailing list