On 2019-03-31 19:57, Adam D. Barratt wrote:
Control: tags -1 + moreinfo
On Fri, 2019-03-15 at 11:23 +0100, Paul Slootman wrote:
There are a couple of CVEs that have been fixed by 3.1.2-1+deb9u2.
After discussing this with a member of the security team it was not
considered important enough to warrant a DSA, but it would be good if
it
could be included in a point release for stretch.
The changelog is:
* Apply CVEs from 2016 to the zlib code.
closes:#924509
The only change was the addition of 4 patches to the zlib code.
The uploaded version was compiled on a stretch system.
There doesn't appear to be an uploaded version anywhere that I can see.
This now happened, but
Please attach a source debdiff to this report.
this hasn't. If it had, I'd have asked you to rebuild the package so the
changelog didn't claim it was uploaded to stretch-security (I'm still
debating whether to do so anyway, as it'll be less confusing for users).
Regards,
Adam
