[SECURITY] libwmf
Yaakov Selkowitz
yselkowitz@cygwin.com
Thu Jul 9 20:09:00 GMT 2015
On Mon, 2015-06-29 at 17:56 +0200, Dr. Volker Zell wrote:
> >>>>> Yaakov Selkowitz writes:
> > On Mon, 2015-06-08 at 15:42 -0500, Yaakov Selkowitz wrote:
> >> On Fri, 2015-06-05 at 03:17 -0500, Yaakov Selkowitz wrote:
> >> > Dr. Volker,
> >> >
> >> > A security vulnerability has been made public for libwmf:
> >> >
> >> > https://bugzilla.redhat.com/show_bug.cgi?id=1227243
> >>
> >> Actually, it's worse than that. Despite configuring with --with-sys-gd,
> >> libwmf is still being built with the bundled libgd (which has either an
> >> older or custom API) instead of the system one. Therefore, practically
> >> the entire patchset is required to fix all known vulnerabilities:
> >>
> >> http://pkgs.fedoraproject.org/cgit/libwmf.git/
>
> > Are you still with us?
>
> Yes, but NO time right now (plus upcoming vacation)
Understood, I've uploaded 0.2.8.4-15 with the complete patchset.
BTW, tzcode has been a bit neglected as of late, and it's the sort of
package that really needs to be kept timely (forgive the pun). Would
you mind if we took over maintainership?
--
Yaakov
More information about the Cygwin-apps
mailing list