Control: fixed -1 2:19.3+dfsg1-1
Control: found -1 2:19.1+dfsg2-2~bpo10+1-1

Hi Salvatore!

This bug was fixed in 19.3 upstream, and the sid/bookworm version is not vulnerable.

I would like to upload 19.3 to stable-pu or stable-sec but the approval from SRM is pending for 19.2.

Is it possible to upload 2:19.3+dfsg1-1 to stable-sec as a whole package? Or do I have to apply the patch for 2:19.1+dfsg2-2 and upload -3?

--
Vasyl Gello
==================================================
Certified SolidWorks Expert

Mob.:+380 (98) 465 66 77

E-Mail: vasek.ge...@gmail.com

Skype: vasek.gello
==================================================
When a tiger dies it leaves its skin; when a person dies they leave their name

On 3 November 2021 21:43:31 UTC, Salvatore Bonaccorso <car...@debian.org> wrote:
>Source: kodi
>Version: 2:19.3+dfsg1-1
>Severity: important
>Tags: security upstream
>Forwarded: https://github.com/xbmc/xbmc/issues/20305
>X-Debbugs-Cc: car...@debian.org, Debian Security Team
><t...@security.debian.org>
>
>Hi,
>
>The following vulnerability was published for kodi.
>
>CVE-2021-42917[0]:
>| Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows
>| attackers to cause a denial of service due to improper length of
>| values passed to istream.
>
>
>If you fix the vulnerability please also make sure to include the
>CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
>For further information see:
>
>[0] https://security-tracker.debian.org/tracker/CVE-2021-42917
>    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42917
>[1] https://github.com/xbmc/xbmc/issues/20305
>[2]
>https://github.com/xbmc/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237
>
>Please adjust the affected versions in the BTS as needed.
>
>Regards,
>Salvatore
>