On Thu, 13 Jul 2023 at 19:07:28 +02:00:00, Salvatore Bonaccorso
wrote:
The issue (CVE-2023-26130) in fact does not warrant a DSA, cf. as well
already the status in
https://security-tracker.debian.org/tracker/CVE-2023-26130 .
Can you fix it please via an upcoming point release? If y
Hi Andrea,
On Thu, Jul 13, 2023 at 12:11:07PM +0200, Bastian Germann wrote:
> On 13.07.23 at 12:09, Andrea Pappacoda wrote:
> > On Thu, 13 Jul 2023 at 12:08:28 +02:00:00, Bastian Germann
> > wrote:
> > > 2.: Please email the security team with the debdiff instead.
> >
> > Ok, so th
On 13.07.23 at 12:09, Andrea Pappacoda wrote:
On Thu, 13 Jul 2023 at 12:08:28 +02:00:00, Bastian Germann
wrote:
2.: Please email the security team with the debdiff instead.
Ok, so they'll push it to the archive for me? Perfect!
They will tell you what to do. Sometimes they say
On Thu, 13 Jul 2023 at 12:08:28 +02:00:00, Bastian Germann
wrote:
2.: Please email the security team with the debdiff instead.
Ok, so they'll push it to the archive for me? Perfect!
On 13.07.23 at 12:06, Andrea Pappacoda wrote:
I'll re-do the updates more appropriately, roughly in this order:
1. Backport the fix in unstable, and push it to the archive
2. Backport the fix in bookworm-security, and push it to the archive
2.: Please email the security team with the debdiff
On Thu, 13 Jul 2023 at 08:46:47 +02:00:00, Bastian Germann
wrote:
The wasted effort is writing this paragraph. If you want me to
sponsor the upload you _must_ eliminate the unpublished revision.
Yesterday night I was pretty tired and lazy, but yeah, I'll do it now.
You do not nee
On 13.07.23 at 00:40, Andrea Pappacoda wrote:
I'd prefer not to remove the experimental 0.12 from the changelog, since
I have already uploaded everything to git and mentors. It's also
something that actually happened, but I simply didn't find a sponsor in
time and a new unstable release was pr
On Wed, 12 Jul 2023 at 14:19:34 +02:00:00, Bastian Germann
wrote:
When you fix the unstable version via a patch and later upgrade to a
new upstream version there is almost no additional work. So please go
that route.
Yeah but this time I had already upgraded to a new upstream ver
On 12.07.23 at 11:31, Andrea Pappacoda wrote:
On Mon, 12 Jun 2023 17:50:25 +0200 Bastian Germann wrote:
> Hi Andrea,
>
> As there was no upload to unstable after the bookworm version, just
> upload an unstable 0.11.4+ds-2 with the upstream
> patch (excluding or backporting the test) and ment
On Mon, 12 Jun 2023 17:50:25 +0200 Bastian Germann
wrote:
> Hi Andrea,
>
> As there was no upload to unstable after the bookworm version, just
> upload an unstable 0.11.4+ds-2 with the upstream
> patch (excluding or backporting the test) and mentioning the CVE in
> the changelog. Then add a bookwo
Hi Salvatore, thanks for your report.
On Sun, 4 Jun 2023 at 21:13:04 +02:00:00, Salvatore Bonaccorso
wrote:
The following vulnerability was published for cpp-httplib.
CVE-2023-26130[0]:
| Versions of the package yhirose/cpp-httplib before 0.12.4 are
| vulnerable to CRLF Injection
Source: cpp-httplib
Version: 0.11.4+ds-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cpp-httplib.
CVE-2023-26130[0]:
| Versions of the package yhirose/cpp-httplib before 0.12.4 are
| vulnerab