Bug#977782: buster-pu: package postsrsd/1.5-2

To: Oxan van Leeuwen <oxan@oxanvanleeuwen.nl>, 977782@bugs.debian.org
Subject: Bug#977782: buster-pu: package postsrsd/1.5-2
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Thu, 31 Dec 2020 17:11:13 +0000
Message-id: <[🔎] 2777b49ec9c984b784c0fe30e6f9897fd0c0c1e0.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 977782@bugs.debian.org
In-reply-to: <[🔎] 160849368648.12701.9198143416705134562.reportbug@thomson.student.utwente.nl>
References: <[🔎] 160849368648.12701.9198143416705134562.reportbug@thomson.student.utwente.nl> <[🔎] 160849368648.12701.9198143416705134562.reportbug@thomson.student.utwente.nl>

Control: tags -1 + confirmed

On Sun, 2020-12-20 at 20:48 +0100, Oxan van Leeuwen wrote:
> Upstream recently discovered a potential remote denial-of-service
> attack in  postsrsd (CVE-2020-35573) [1]. Fortunately, this issue is
> currently not  exploitable in Debian due to gcc optimizing the
> problematic loop away. Thus, the  security has decided not to issue a
> DSA [2], but instead suggested to fix it 
> through a stable update.
> 

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#977782: buster-pu: package postsrsd/1.5-2
  - From: Oxan van Leeuwen <oxan@oxanvanleeuwen.nl>

Prev by Date: Processed: Re: Bug#977782: buster-pu: package postsrsd/1.5-2
Next by Date: Bug#978157: buster-pu: package iproute2/4.20.0-2+deb10u1
Previous by thread: Processed: Re: Bug#977782: buster-pu: package postsrsd/1.5-2
Next by thread: Bug#977812: transition: linphone-stack
Index(es):
- Date
- Thread