Re: Security bugs in unmaintained/maintenerless librsvg
- From: Dimstar / Dominique Leuenberger <dimstar opensuse org>
- To: Olav Vitters <olav vitters nl>, Johannes Segitz <jsegitz suse com>
- Cc: release-team gnome org, security suse de
- Subject: Re: Security bugs in unmaintained/maintenerless librsvg
- Date: Tue, 03 Feb 2015 12:01:29 +0100
Thanks a lot Olav!
On Tue, 2015-02-03 at 11:55 +0100, Olav Vitters wrote:
[ Adding security suse de ]
On Tue, Feb 03, 2015 at 09:30:30AM +0100, Dimstar / Dominique Leuenberger wrote:
On Mon, 2015-02-02 at 12:15 +0100, Olav Vitters wrote:
On Mon, Feb 02, 2015 at 11:31:38AM +0100, Dimstar / Dominique Leuenberger wrote:
On Sun, 2015-02-01 at 23:45 +0100, Olav Vitters wrote:
We've received various security bugs about librsvg. As that module is
unmaintained, these bugs have not been fixed. These bugs and various
others will be made public really soon. Possibly as of next week.
..]
being part of a distribution team: do you have any information you can
share on this topic or do we have to wait it to become fully public?
Maybe we can even throw in some man power; worthy to be explored.
[..]
So one way to proceed would maybe be to some known opensuse security
person to security gnome org, then setup Bugzilla permissions as well.
[..]
I passed this idea through the folks of the security team at SUSE and
the idea was well received.
[..]
Anything else you need to get this started?
I've added security suse de as a member to the
https://mail.gnome.org/mailman/listinfo/security-list mailing list
(make sure to always use security gnome org). If security suse de is
also a mailing list, make sure the settings are changed to understand
security gnome org
Todo:
1. As security suse de has been subscribed, it should have received a
password for it. Please change the password.
2. Feel free to download/read the archives.
3. I still need to setup Bugzilla permissions. You provided me with two
contact persons, if they have accounts @ GNOME Bugzilla I'll change
permissions (hopefully today).
@Johannes, can you please let Olav know if you and/or Marcus have a
bugzilla.gnome.org account he can authorize you on?
Cheers!
--
Dimstar / Dominique Leuenberger <dimstar opensuse org>
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]