Hi Xavier, On Wed, Jan 23, 2019 at 09:46:44PM +0100, Xavier wrote: > Le 23/01/2019 à 20:57, Salvatore Bonaccorso a écrit : > > Control: tags -1 + fixed-upstream > > Control: tags -1 - patch > > > > Hi Xavier, > > > > On Wed, Jan 23, 2019 at 09:18:36AM +0100, Xavier wrote: > >> Hello, > >> > >> Debian bug is tagged as "patch", but I didn't find any patch in the > >> related documents. Can you give me the link to patch ? > > > > Well you are right, not a patch per se, maybe fixed-upstream and > > "there is a patch" would have been better. Let me fix that. > > > > If feasible possibly updating to the new upstream version fixing this > > CVE (and two other) would be better if still feasible so short before > > the soft freeze. > > > > Regards, > > Salvatore > > Hello, > > looking at last release changelog, bug seems not fixed
Cf. https://www.openwall.com/lists/oss-security/2019/01/22/4, where it is fixed in 2.4.38 upstream. HTH, Regards, Salvatore
