Bug#1034558: rnp: CVE-2023-29479 VE-2023-29480
On Wed 2023-05-24 07:32:31 +0200, Salvatore Bonaccorso wrote: > Thanks! Note the deadline for unblock requests will be on 28th. So the > unblock needs to be granted by then so we have the fixes in bookworm. The associated unblock request for 1034558 is #1036721 --dkg signature.asc Description: PGP signature
Bug#1034558: rnp: CVE-2023-29479 VE-2023-29480
Hi Daniel, On Tue, May 23, 2023 at 06:29:43PM -0400, Daniel Kahn Gillmor wrote: > In https://bugs.debian.org/1034558, Salvatore Bonaccorso wrote: > > > Source: rnp > > Version: 0.16.2-1 > > Severity: grave > > Tags: security upstream > > Justification: user security hole > > X-Debbugs-Cc: car...@debian.org, Debian Security Team > > > > Thanks for tracking this in the BTS, Salvatore. > > I aim to have 0.16.3 (which is a targeted upstream release with a very > narrow set of changes) uploaded to unstable in the next day or two. Thanks! Note the deadline for unblock requests will be on 28th. So the unblock needs to be granted by then so we have the fixes in bookworm. Thanks for your work! Salvatore
Bug#1034558: rnp: CVE-2023-29479 VE-2023-29480
In https://bugs.debian.org/1034558, Salvatore Bonaccorso wrote: > Source: rnp > Version: 0.16.2-1 > Severity: grave > Tags: security upstream > Justification: user security hole > X-Debbugs-Cc: car...@debian.org, Debian Security Team > Thanks for tracking this in the BTS, Salvatore. I aim to have 0.16.3 (which is a targeted upstream release with a very narrow set of changes) uploaded to unstable in the next day or two. --dkg signature.asc Description: PGP signature
Bug#1034558: rnp: CVE-2023-29479 VE-2023-29480
Source: rnp Version: 0.16.2-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team *** /tmp/rnp.reportbug Package: rnp X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for rnp, [0] and [1]. The first one was as well affecting mentioned in the recent thunderbird mfsa. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-29479 https://www.cve.org/CVERecord?id=CVE-2023-29479 [1] https://security-tracker.debian.org/tracker/CVE-2023-29480 https://www.cve.org/CVERecord?id=CVE-2023-29480 [2] https://www.rnpgp.org/blog/2023-04-13-rnp-release-0-16-3/ Regards, Salvatore