Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1

2024-07-10 Thread yokota
Hello, > And here is the debdiff file to show the updated part in the "debian" directory. > All of the differences can be examined from salsa. > > https://salsa.debian.org/debian/7zip/-/compare/debian%2F22.01+dfsg-8...bookworm-update I updated my debdiff to set the update urgency status to "high" because this is a

Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1

2024-07-09 Thread yokota
Hello, I want to update Debian 12 with 7zip 23.07 to fix these security issues. * CVE-2023-31102 * CVE-2023-40481 * CVE-2023-52168 * CVE-2023-52169 And here is the debdiff file to show the updated part in the "debian" directory. All of the differences can be examined from salsa. >

Processed: Re: Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1

2024-07-09 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > retitle 1051232 bookworm-pu: package 7zip/24.07+dfsg-1~deb12u1 Bug #1051232 [release.debian.org] bookworm-pu: package 7zip/22.01+dfsg-8+deb12u1 Changed Bug title to 'bookworm-pu: package 7zip/24.07+dfsg-1~deb12u1' from 'bookworm-pu: package

Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1

2024-04-13 Thread yokota
> I am not in a position to assess that for you. You're the maintainer, you > need to be able to vouch for your proposed upload. Upstream does not have a VCS and does not provide a fix patch, and just releases the new version 7-Zip 23.01 as the fix. So, I can't guarantee the bug was fixed except new upstream

Processed: Re: Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1

2024-04-06 Thread Debian Bug Tracking System
Processing control commands: > tag -1 moreinfo Bug #1051232 [release.debian.org] bookworm-pu: package 7zip/22.01+dfsg-8+deb12u1 Added tag(s) moreinfo. -- 1051232: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051232 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1

2024-04-06 Thread Jonathan Wiltshire
Control: tag -1 moreinfo On Sun, Oct 15, 2023 at 12:55:48PM +0900, yokota wrote: > Trivial autopkgtest was passed, but I don't know that this debdiff > really fixes CVE-2023-31102 and CVE-2023-40481. > > Please examine attached debdiff. I am not in a position to assess that for you. You're the

Processed: Re: Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1

2023-10-14 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > retitle 1051232 bookworm-pu: package 7zip/22.01+dfsg-8+deb12u1 Bug #1051232 [release.debian.org] bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1 Changed Bug title to 'bookworm-pu: package 7zip/22.01+dfsg-8+deb12u1' from 'bookworm-pu: package

Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1

2023-10-14 Thread yokota
Hello Jonathan, > The diff you attached is unreviewable: > 979 files changed, 40347 insertions(+), 25060 deletions(-) > Please prepare targeted fixes for the security issues. Upstream does not release a fix patch, but they release the new version (23.01) source code. I tried to extract a fix patch

Processed: Re: Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1

2023-10-07 Thread Debian Bug Tracking System
Processing control commands: > tag -1 moreinfo Bug #1051232 [release.debian.org] bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1 Added tag(s) moreinfo. -- 1051232: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051232 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1

2023-10-07 Thread Jonathan Wiltshire
Control: tag -1 moreinfo On Tue, Sep 05, 2023 at 04:04:27AM +0900, YOKOTA Hiroshi wrote: > [ Reason ] > 1. Fix security issue > CVE-2023-31102: https://www.zerodayinitiative.com/advisories/ZDI-23-1165/ > CVE-2023-40481: https://www.zerodayinitiative.com/advisories/ZDI-23-1164/ > > 2. Use

Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1

2023-09-05 Thread yokota
Hello, > What are the isolated fixes for CVE-2023-40481 and CVE-2023-31102, is there > some > kind of public upstream VCS or can you ask upstream about it? The CVE site has not disclosed info about this issue yet, but Zero Day Initiative has already disclosed this issue. > CVE-2023-31102:

Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1

2023-09-04 Thread Moritz Muehlenhoff
On Tue, Sep 05, 2023 at 04:04:27AM +0900, YOKOTA Hiroshi wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-Cc: 7...@packages.debian.org, yokota.h...@gmail.com, > b...@debian.org,