tags 931878 +pending thanks Hello Salvatore,
I have the libonig release 6.9.2 with both upstream fixes for the CVEs ready for upload. It is uploaded to mentors[1] and into the git[2]. Should the upload of the package be handled by the security team? Or can I take care of it myself? My changes: * New upstream release: - Refresh symbols file. - Refresh debian/patches/0100-source_typos.patch. * Rewrite debain/watch. * New debian/patches/0105-CVE-2019-13224.patch and debian/patches/0110-CVE-2019-13225.patch (Closes: #931878): - Fixes CVE-2019-13224 A use-after-free in onig_new_deluxe() in regext.c. - Fixes CVE-2019-13225 A NULL Pointer Dereference in match_at() in regexec.c. * Declare compliance with Debian Policy 4.4.0 (No changes needed). * Migrate to debhelper 12: - Change debian/compat to 12. - Bump minimum debhelper version in debian/control to >= 12. - debian/rules: Remove obsolete dh_install --fail-missing. CU Jörg -- New: GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB 30EE 09F8 9F3C 8CA1 D25D GPG key (long) : 09F89F3C8CA1D25D GPG Key : 8CA1D25D CAcert Key S/N : 0E:D4:56 Old pgp Key: BE581B6E (revoked since 2014-12-31). Jörg Frings-Fürst D-54470 Lieser git: https://jff.email/cgit/ Threema: SYR8SJXB Wire: @joergfringsfuerst Skype: joergpenguin Ring: jff Telegram: @joergfringsfuerst My wish list: - Please send me a picture from the nature at your home.