On Mon, Jun 27, 2022 at 10:29:20PM +0200, Helmut Grohne wrote:
> I am having difficulties understanding the process then. I was assuming
> that packages added to dla-needed.txt would need an update. If my
> understanding of the process is correct, an unimportant issue should be
> marked in data/CV
Hi Anton,
On Mon, Jun 27, 2022 at 09:12:11PM +0200, Anton Gladky wrote:
> Thus you can get experience with dealing with such uploads. Anyway, for
> LTS we do not have any point releases. So basically it is possible to fix
> even those CVEs which are not DSA-considered. But for not-important issue
Hi Helmut,
I would propose that you contact the original openscad maintainer
and ask him whether you can make a p-u upload for buster (if it is still
possible).
Thus you can get experience with dealing with such uploads. Anyway, for
LTS we do not have any point releases. So basically it
On 23/06/2022 17:01, Helmut Grohne wrote:
Hi,
I've been looking into updating openscad in buster to fix CVE-2022-0496
and CVE-2022-0497. They're already fixed in bullseye and later. They are
input sanitization issues and CVE-2022-0496 needed a little porting of
the patch. I verified that the pro
Hi Helmut,
On Thu, Jun 23, 2022 at 8:33 PM Helmut Grohne wrote:
> I've been looking into updating openscad in buster to fix CVE-2022-0496
> and CVE-2022-0497. They're already fixed in bullseye and later. They are
> input sanitization issues and CVE-2022-0496 needed a little porting of
> the patch
Hi,
I've been looking into updating openscad in buster to fix CVE-2022-0496
and CVE-2022-0497. They're already fixed in bullseye and later. They are
input sanitization issues and CVE-2022-0496 needed a little porting of
the patch. I verified that the provided PoCs for CVE-2022-0496 do
trigger in a