On Fri, 5 Aug 2022 11:22:30 +0200 IOhannes m zmölnig (Debian GNU|Linux) <umlae...@debian.org> wrote:
> On Fri, 05 Aug 2022 09:41:46 +0100 Neil Williams
> <codeh...@debian.org> wrote:
> > The following vulnerability was published for v4l2loopback (and is
> > not included in the recent v0.12.7 git tag).
>
> how so?

I got confused during the triage. My mistake. I initially marked the CVE as fixed in 0.12.7.

> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2022-2652
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2652
> >
> > Please adjust the affected versions in the BTS as needed.
>
> as upstream, i strongly believe that the v0.12.7 release includes the
> relevant fix.
> is it enough to just change the affected version or do I have to do
> something else as well?

The normal fix would be to mark the bug as notfound 0.12.7-1 and then close it without version information. The Debian Security Tracker provides the relevant information on which versions remain vulnerable.

https://security-tracker.debian.org/tracker/source-package/v4l2loopback

The Tracker has been changed to show 0.12.7-1 as the first version in Debian containing the fix for this CVE. No changes are required in the misfiled bug report.

-- 
Neil Williams
=============
https://linux.codehelp.co.uk/