tags 931878 +pending
thanks

Hello Salvatore,

I have the libonig release 6.9.2 with both upstream fixes for the CVEs
ready for upload.

It is uploaded to mentors[1] and into the git[2].

Should the upload of the package be handled by the security team? 
Or can I take care of it myself? 

My changes:

  * New upstream release:
    - Refresh symbols file.
    - Refresh debian/patches/0100-source_typos.patch.
  * Rewrite debain/watch.
  * New debian/patches/0105-CVE-2019-13224.patch and
      debian/patches/0110-CVE-2019-13225.patch (Closes: #931878):
    - Fixes CVE-2019-13224 A use-after-free in onig_new_deluxe() in regext.c.
    - Fixes CVE-2019-13225 A NULL Pointer Dereference in match_at()
       in regexec.c.
  * Declare compliance with Debian Policy 4.4.0 (No changes needed).
  * Migrate to debhelper 12:
    - Change debian/compat to 12.
    - Bump minimum debhelper version in debian/control to >= 12.
    - debian/rules: Remove obsolete dh_install --fail-missing.

CU
Jörg


-- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key        : 8CA1D25D
CAcert Key S/N : 0E:D4:56

Old pgp Key: BE581B6E (revoked since 2014-12-31).

Jörg Frings-Fürst
D-54470 Lieser


git:      https://jff.email/cgit/

Threema:  SYR8SJXB
Wire:     @joergfringsfuerst
Skype:    joergpenguin
Ring:     jff
Telegram: @joergfringsfuerst


My wish list: 
 - Please send me a picture from the nature at your home.

Reply via email to