Hello Jonathan,

> The diff you attached is unreviewable:
>  979 files changed, 40347 insertions(+), 25060 deletions(-)
> Please prepare targeted fixes for the security issues.

Upstream does not release a fix patch, but they release the source code of
the new version (23.01).
I tried to extract a fix patch from the diff of the 22.01..23.01 source code.

The trivial autopkgtest passed, but I don't know whether this debdiff
really fixes CVE-2023-31102 and CVE-2023-40481.

Please examine the attached debdiff.

diff stat:
 changelog                             |    8
 patches/0009-CVE-2023-40481-fix.patch |  253 ++++++++++
 patches/0010-CVE-2023-31102-fix.patch |  856 ++++++++++++++++++++++++++++++++++
 patches/series                        |    2
 4 files changed, 1119 insertions(+)

--
YOKOTA Hiroshi

Attachment: 7zip_22.01+dfsg-8+deb12u1.debdiff
Description: Binary data
