[Secure-testing-team] Bug#584653: CVE-2010-2055
Jonas Smedegaard
dr at jones.dk
Fri Dec 10 20:24:57 UTC 2010
On Fri, Dec 10, 2010 at 07:45:18PM +0100, Moritz Muehlenhoff wrote:
>On Thu, Dec 09, 2010 at 10:48:46PM -0500, Michael Gilbert wrote:
>> I've isolated and applied the patches needed to fix CVE-2010-2055 in
>> ghostscript. See attached debdiff.
>>
>> Would anyone be so kind to sponsor this? The package is at:
>> http://mentors.debian.net/debian/pool/main/g/ghostscript/
>
>I don't have time to sponsor this currently, but this should be
>uploaded with urgency=low, since there's the potential that
>applications rely on the old, broken behaviour.
>
>I also remember that Jonas is still considering to introduce
>Ghostscript 9.0 into Squeeze. Jonas, what's the current status?
Michael is right - release team apparently was following my work and
turned it down even before formally proposing it:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584653#132
@Michael: Sorry, I won't sponsor your patch. As stated earlier as well,
I consider myself incompetent juggling any more patches on top of the
8.71 stack.
You are quite welcome to join the ghostscript packaging team and take
responsibility of it yourself - for the full duration of the next stable
release cycle!
The packaging currently in experimental contains the minimal changeset I
felt comfortable releasing for Debian Squeeze. Now that it has been
turned down, my plan is to use the experimental branch for a continued
improvements cherry-picked from upstream VCS. If the release team
should change their minds, it is easy for me to revive the current work
and release it for unstable - if not (or the release of Squeeze) I will
avoid the unstable branch.
Kind regards, and thanks anyway for your contribution,
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20101210/97aee9d7/attachment.pgp>
More information about the Secure-testing-team
mailing list