[arch-general] lcms - needs upgrade because of security
Hi, package lcms in extra has been out of date for a long time now. Please upgrade at least to 1.19 to solve security issues: Multiple errors in LittleCMS allow for attacks including the remote execution of arbitrary code. http://www.gentoo.org/security/en/glsa/glsa-200904-19.xml -- kujub
On Saturday 14 August 2010 21:41:10, Kurt J. Bosch wrote:
> Hi,
> package lcms in extra has been out of date for a long time now. Please upgrade at least to 1.19 to solve security issues: Multiple errors in LittleCMS allow for attacks including the remote execution of arbitrary code. http://www.gentoo.org/security/en/glsa/glsa-200904-19.xml
> -- kujub
You should file a bug report as there are security issues ++
On 2010-08-14 21:48, Laurent Carlier wrote:
> You should file a bug report as there are security issues
No. Last time I did this it was rejected - http://bugs.archlinux.org/task/10679 - but I filed three others including patches right before I wrote about this one here. :)
On Sat, Aug 14, 2010 at 9:54 PM, Kurt J. Bosch <kjb-temp-2009@alpenjodel.de> wrote:
> On 2010-08-14 21:48, Laurent Carlier wrote:
>> You should file a bug report as there are security issues
> No. Last time I did this it was rejected - http://bugs.archlinux.org/task/10679
That reject was plain wrong, we should encourage users to give visibility to security updates. However that was 2 years ago, so please let me know if this happens again.
On 2010-08-14 23:10, Xavier Chantry wrote:
> On Sat, Aug 14, 2010 at 9:54 PM, Kurt J. Bosch <kjb-temp-2009@alpenjodel.de> wrote:
>> On 2010-08-14 21:48, Laurent Carlier wrote:
>>> You should file a bug report as there are security issues
>> No. Last time I did this it was rejected - http://bugs.archlinux.org/task/10679
> That reject was plain wrong,
Hmm, what about http://bugs.archlinux.org/ -> http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines -> Reasons_for_not_being_a_bug -> "A bug already fixed upstream but not in Arch because the package is not up-to-date." then?
> we should encourage users to give visibility to security updates.
I agree, you should.
> However that was 2 years ago, so please let me know if this happens again.
I also violated the bug guidelines with FS# 20475, 20476 and 20477 yesterday, but two of them are already fixed now. So I will give it a try.
On 15/08/10 07:10, Xavier Chantry wrote:
> On Sat, Aug 14, 2010 at 9:54 PM, Kurt J. Bosch <kjb-temp-2009@alpenjodel.de> wrote:
>> On 2010-08-14 21:48, Laurent Carlier wrote:
>>> You should file a bug report as there are security issues
>> No. Last time I did this it was rejected - http://bugs.archlinux.org/task/10679
> That reject was plain wrong, we should encourage users to give visibility to security updates. However that was 2 years ago, so please let me know if this happens again.
I agree fully. Serious security issues in our packages should always be reported to the bug tracker even if the fix is just to update the package. It helps inform everyone about the issue and prioritize the update as being important for the developer involved.
Allan
On 08/15/2010 03:16 PM, Allan McRae wrote:
> On 15/08/10 07:10, Xavier Chantry wrote:
>> On Sat, Aug 14, 2010 at 9:54 PM, Kurt J. Bosch <kjb-temp-2009@alpenjodel.de> wrote:
>>> On 2010-08-14 21:48, Laurent Carlier wrote:
>>>> You should file a bug report as there are security issues
>>> No. Last time I did this it was rejected - http://bugs.archlinux.org/task/10679
>> That reject was plain wrong, we should encourage users to give visibility to security updates. However that was 2 years ago, so please let me know if this happens again.
> I agree fully. Serious security issues in our packages should always be reported to the bug tracker even if the fix is just to update the package. It helps inform everyone about the issue and prioritize the update as being important for the developer involved.
> Allan
I'll take care of this.
-- Ionuț
participants (5): Allan McRae, Ionuț Bîru, Kurt J. Bosch, Laurent Carlier, Xavier Chantry