Hi Adam! On Sa, 25 Jan 2020, Adam D. Barratt wrote:
> On Tue, 2020-01-07 at 20:16 +0100, Roland Rosenfeld wrote: > > While 3.2.7a-5+deb10u2 is currently in proposed-updates I prepared > > another update (deb10u3) fixing CVE-2019-19746 and CVE-2019-19797 as > > well as 6 further segfaults, which are only in upstream tracker and > > don't have a CVE: > > https://sourceforge.net/p/mcj/tickets/58 > > https://sourceforge.net/p/mcj/tickets/59 > > https://sourceforge.net/p/mcj/tickets/61 > > https://sourceforge.net/p/mcj/tickets/62 > > https://sourceforge.net/p/mcj/tickets/78 > > https://sourceforge.net/p/mcj/tickets/79 > > Are those additional upstream fixes already included in the package in > unstable? Yes, 43_fgets2getline.patch from 3.2.7a-5+deb10u3, which fixes all these issues is nearly identical to 32_fgets2getline.patch from 3.2.7b-3, which is available in sid and bullseye. Greetings Roland
signature.asc
Description: PGP signature
