Package: src:http-parser
Version: 2.8.1-1+deb10u1
Fixed: 2.9.4-1
Severity: important

As it became apparent in #996460, the fix for CVE-2019-15605 in Debian
introduced an ABI break, and unfortunately nobody noticed before the
stable point release on October 9th. Symptoms, at least for tang, are
segmentation faults. Data corruption might happen as well.

Workaround: Downgrade http-parser to the previous version 2.8.1-1,
or rebuild the affected packages.

Working on a resolution (worst case: Trigger a rebuild of all ten packages
linked against http-parser) will be my chore as I managed to break
things in the first place.

Output of dd-list on the possibly affected packages below.

    Christoph


Angus Lees <[email protected]>
   cargo (U)

Aron Xu <[email protected]>
   ocserv

Christoph Biedl <[email protected]>
   tang

Debian Perl Group <[email protected]>
   libgit-raw-perl

Debian Python Modules Team <[email protected]>
   python-httptools

Debian Ruby Extras Maintainers <[email protected]>
   ruby-http-parser.rb

Debian SSSD Team <[email protected]>
   sssd

Debian XMPP Maintainers <[email protected]>
   jabberd2

Dima Kogan <[email protected]>
   tcpflow

Dominik George <[email protected]>
   sssd (U)

Luca Bruno <[email protected]>
   cargo (U)

Marc Haber <[email protected]>
   libgit-raw-perl (U)

Michael Fladischer <[email protected]>
   python-httptools (U)

Mike Miller <[email protected]>
   ocserv (U)

Per Andersson <[email protected]>
   ruby-http-parser.rb (U)

Pirate Praveen <[email protected]>
   libgit2 (U)
   ruby-http-parser.rb (U)

Rust Maintainers <[email protected]>
   cargo

Simon Josefsson <[email protected]>
   jabberd2 (U)

Timo Aaltonen <[email protected]>
   sssd (U)

Utkarsh Gupta <[email protected]>
   libgit2

Vasudev Kamath <[email protected]>
   cargo (U)

Ximin Luo <[email protected]>
   cargo (U)
