Re: Security bugs in unmaintained/maintenerless librsvg

 [ Adding security suse de ]

On Tue, Feb 03, 2015 at 09:30:30AM +0100, Dimstar / Dominique Leuenberger wrote:
On Mon, 2015-02-02 at 12:15 +0100, Olav Vitters wrote:
On Mon, Feb 02, 2015 at 11:31:38AM +0100, Dimstar / Dominique Leuenberger wrote:
On Sun, 2015-02-01 at 23:45 +0100, Olav Vitters wrote:
We've received various security bugs about librsvg. As that module is
unmaintained, these bugs have not been fixed. These bugs and various
others will be made public really soon. Possibly as of next week.
being part of a distribution team: do you have any information you can
share on this topic or do we have to wait it to become fully public?

Maybe we can even throw in some man power; worthy to be explored.
So one way to proceed would maybe be to some known opensuse security
person to security gnome org, then setup Bugzilla permissions as well.
I passed this idea through the folks of the security team at SUSE and
the idea was well received.
Anything else you need to get this started?

I've added security suse de as a member to the mailing list
(make sure to always use security gnome org). If security suse de is
also a mailing list, make sure the settings are changed to understand
security gnome org 

1. As security suse de has been subscribed, it should have received a
   password for it. Please change the password.
2. Feel free to download/read the archives.
3. I still need to setup Bugzilla permissions. You provided me with two
   contact persons, if they have accounts @ GNOME Bugzilla I'll change
   permissions (hopefully today).


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]