Re: Security bugs in unmaintained/maintenerless librsvg

[Olav Vitters <olav vitters nl>]

 [ Adding security suse de ]

On Tue, Feb 03, 2015 at 09:30:30AM +0100, Dimstar / Dominique Leuenberger wrote:
> On Mon, 2015-02-02 at 12:15 +0100, Olav Vitters wrote:
> > On Mon, Feb 02, 2015 at 11:31:38AM +0100, Dimstar / Dominique Leuenberger wrote:
> > > On Sun, 2015-02-01 at 23:45 +0100, Olav Vitters wrote:
> > > > We've received various security bugs about librsvg. As that module is
> > > > unmaintained, these bugs have not been fixed. These bugs and various
> > > > others will be made public really soon. Possibly as of next week.
..]
> > > being part of a distribution team: do you have any information you can
> > > share on this topic or do we have to wait it to become fully public?
> > >
> > > Maybe we can even throw in some man power; worthy to be explored.
[..]
> > So one way to proceed would maybe be to some known opensuse security
> > person to security gnome org, then setup Bugzilla permissions as well.
[..]
> I passed this idea through the folks of the security team at SUSE and
> the idea was well received.
[..]
> Anything else you need to get this started?

I've added security suse de as a member to the
https://mail.gnome.org/mailman/listinfo/security-list mailing list
(make sure to always use security gnome org). If security suse de is
also a mailing list, make sure the settings are changed to understand
security gnome org 

Todo:
1. As security suse de has been subscribed, it should have received a
   password for it. Please change the password.
2. Feel free to download/read the archives.
3. I still need to setup Bugzilla permissions. You provided me with two
   contact persons, if they have accounts @ GNOME Bugzilla I'll change
   permissions (hopefully today).

-- 
Regards,
Olav