> I am not in a position to assess that for you. You're the maintainer, you
> need to be able to vouch for your proposed upload.
Upstream does not have a VCS and does not provide a fix patch, and just
releases new version 7-Zip 23.01 as the fix.
So, I can't guarantee the bug was fixed except new upstream
Control: tag -1 moreinfo
On Sun, Oct 15, 2023 at 12:55:48PM +0900, yokota wrote:
> Trivial autopkgtest was passed, but I don't know that this debdiff
> really fixes CVE-2023-31102 and CVE-2023-40481.
>
> Please examine attached debdiff.
I am not in a position to assess that for you. You're the
Hello Jonathan,
> The diff you attached is unreviewable:
> 979 files changed, 40347 insertions(+), 25060 deletions(-)
> Please prepare targeted fixes for the security issues.
Upstream does not release a fix patch, but they release the new version
(23.01) source code.
I was trying to extract a fix patch
Control: tag -1 moreinfo
On Tue, Sep 05, 2023 at 04:04:27AM +0900, YOKOTA Hiroshi wrote:
> [ Reason ]
> 1. Fix security issue
> CVE-2023-31102: https://www.zerodayinitiative.com/advisories/ZDI-23-1165/
> CVE-2023-40481: https://www.zerodayinitiative.com/advisories/ZDI-23-1164/
>
> 2. Use
Hello,
> What are the isolated fixes for CVE-2023-40481 and CVE-2023-31102, is there
> some kind of public upstream VCS or can you ask upstream about it?
The CVE site has not disclosed info about this issue yet, but Zero Day
Initiative has already disclosed this issue.
> CVE-2023-31102:
On Tue, Sep 05, 2023 at 04:04:27AM +0900, YOKOTA Hiroshi wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: 7...@packages.debian.org, yokota.h...@gmail.com,
> b...@debian.org,