Re: RFR: openscad update

2022-06-27 Thread Helmut Grohne
Hi Anton, On Mon, Jun 27, 2022 at 09:12:11PM +0200, Anton Gladky wrote: > Thus you can get experience dealing with such uploads. Anyway, for > LTS we do not have any point releases. So basically it is possible to fix > even those CVEs which are not DSA-considered. But for not-important

Re: RFR: openscad update

2022-06-27 Thread Anton Gladky
Hi Helmut, I would propose that you contact the original openscad maintainer and ask him whether you can make a p-u upload for buster (if it is still possible). Thus you can get experience dealing with such uploads. Anyway, for LTS we do not have any point releases. So basically it

Accepted blender 2.79.b+dfsg0-1~deb9u2 (source all amd64) into oldoldstable

2022-06-27 Thread Debian FTP Masters
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 26 Jun 2022 12:03:02 +0200 Source: blender Binary: blender blender-data blender-dbg Architecture: source all amd64 Version: 2.79.b+dfsg0-1~deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian Multimedia

Re: What to do with sox

2022-06-27 Thread Moritz Muehlenhoff
On Mon, Jun 27, 2022 at 04:01:46PM +0200, Enrico Zini wrote: > Hello, > > every once in a while I have a look at sox, which has many CVEs open and > no updates for 3 months, wondering what could be done about it. > > It seems that all the CVEs have reproducers but not patches. Should I > try

Re: What to do with sox

2022-06-27 Thread Marc SCHAEFER
Hello, On Mon, Jun 27, 2022 at 04:01:46PM +0200, Enrico Zini wrote: > Alternatively, is it worth reaching out to those who have sox installed > to figure out what they are using it for, and reassess those > vulnerabilities based on the kind of exposure that sox is actually > having? I am for

What to do with sox

2022-06-27 Thread Enrico Zini
Hello, every once in a while I have a look at sox, which has many CVEs open and no updates for 3 months, wondering what could be done about it. It seems that all the CVEs have reproducers but not patches. Should I try to work on patches for some of them? I don't mind doing it but it may be

Re: RFR: openscad update

2022-06-27 Thread Emilio Pozuelo Monfort
On 23/06/2022 17:01, Helmut Grohne wrote: Hi, I've been looking into updating openscad in buster to fix CVE-2022-0496 and CVE-2022-0497. They're already fixed in bullseye and later. They are input sanitization issues and CVE-2022-0496 needed a little porting of the patch. I verified that the