[Secure-testing-team] Bug#847485: unzip: CVE-2014-9913: buffer overflow in "unzip -l" via list_files() in list.c

Salvatore Bonaccorso carnil at debian.org
Wed Dec 14 20:49:28 UTC 2016


Hi Santiago

On Wed, Dec 14, 2016 at 09:41:57PM +0100, Santiago Vila wrote:
> Hello Salvatore and security people.
> 
> The fixed package for this CVE (and the other "twin" CVE) is on its
> way to unstable, but it will take 10 days.

First of all, thanks a lot for having worked on those issues and
fixing them!

> If we need a shorter time, we (well, secure-testing-team I suppose)
> can ask the release managers to reduce the time.

That's not needed IMHO for those fixes, they can migrate to testing
with the normal 10 days delay now.

> Will there be also a security upload for stable, or maybe I should try
> an upload for jessie-proposed-updates in the same way we did for "tre"?
> (which was low priority and did not deserve a DSA)

Yes exactly, actually no DSA is planned for those, so would be great
if you can schedule those as well via a jessie-pu upload.

Thanks again and regards,
Salvatore


