Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
Note: The list of people CC'd on this issue participated in the last
Permanent CC's: @joepie91, @phanimahesh, @the-kenny, @7c6f434c, @k0001
Notes on the list
Upon Completion ...
Without further ado...
Assorted (27 issues)
GraphicsMagick (2 issues)
kernel (3 issues)
libtiff (2 issues)
rtmpdump (2 issues)
@grahamc, we have another issue.
For emacs, if we simply only build the proper gtk UI, we should be fine and get rid of xwidgets.
I don't know about the others though.
The graphicsmagick CVEs are weird. They seem to rather apply to imagemagick. As OpenSUSE is generally lagging behind on security updates a bit compared to other distros and graphicsmagick has a revamped codebase, I don't think all those issues also apply to graphicsmagick and OpenSUSE made some kind of error here. In the Debian security tracker those CVEs were assigned to imagemagick and not to graphicsmagick.
From https://bugzilla.gnome.org/show_bug.cgi?id=752738: The page http://whatever.com has access to saved passwords of https://whatever.com. This was a very bad idea: it makes it easy to intercept passwords stored on secure websites, especially since we don't require any user interaction to fill in the password. No CVE has been assigned as of now. cc #22549
What a treat to wake up to!
@peterhoeg if we drop xwidgets, will that break emacs on darwin? ( @LnL7, @copumpkin ) After 17.03 releases, we should be in much closer shape to drop 24. I don't know that there is anything we can do about this for now :( maybe either: Debian has patches in this area?
GraphicsMagick / ImageMagick is always weird. The only way I can tell the difference is via version numbers being very different. I'll try and figure it out, but frequently I just go back and try and find out if we're behind in versions.
epiphany: "Thanks to Hussam for reporting this bug so quickly after it was introduced" seems to suggest it might not, indeed, be present in 3.20.