[Pkg-vala-maintainers] Bug#775913: Bug#775913: vala-0.26: CVE-2014-8154: Heap-buffer overflow in vala-gstreamer bindings at Gst.MapInfo()
Emilio Pozuelo Monfort
pochu at debian.org
Mon Feb 16 08:58:09 UTC 2015
On 15/02/15 13:24, Andreas Henriksson wrote:
> Hello Moritz Muehlenhoff.
>
> I'm pretty sure this is not the answer you're wishing to hear but I
> though it's better to give you some reply then not answer at all...
>
> On Thu, Feb 12, 2015 at 04:41:47PM +0100, Moritz Muehlenhoff wrote:
> [...]
>>> Heap-buffer overflow in vala-gstreamer bindings at Gst.MapInfo()
>>
>> What's the status?
>
> TTBOMK:
> Fixed in 0.26.2 currently available from experimental. Will likely be
> available (first in unstable+testing then) in backports archive after
> the Jessie release. There's a lack of people finding it useful to redo
> the upstream bugfix releases badly just because of debian policies or
> whatever the issue is with getting them into testing during freeze.
"Redoing" here means adding this patch:
https://git.gnome.org/browse/vala/commit/?h=0.26&id=22126ebad3b2133db39bcf301c29c8b78b440f1a
I'll see if I can do it sometime this week, if nobody beats me to it.
If any NMU-ers read this, feel free to upload without prior notice. Just
remember to send a debdiff of what you upload :)
Cheers,
Emilio
More information about the Pkg-vala-maintainers
mailing list