Bug#977782: buster-pu: package postsrsd/1.5-2
- To: Oxan van Leeuwen <oxan@oxanvanleeuwen.nl>
- Cc: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 977782@bugs.debian.org
- Subject: Bug#977782: buster-pu: package postsrsd/1.5-2
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Sat, 30 Jan 2021 21:27:41 +0100
- Message-id: <YBXBPSKLi/jCTFvx@eldamar.lan>
- Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 977782@bugs.debian.org
- In-reply-to: <2777b49ec9c984b784c0fe30e6f9897fd0c0c1e0.camel@adam-barratt.org.uk>
- References: <160849368648.12701.9198143416705134562.reportbug@thomson.student.utwente.nl> <160849368648.12701.9198143416705134562.reportbug@thomson.student.utwente.nl> <2777b49ec9c984b784c0fe30e6f9897fd0c0c1e0.camel@adam-barratt.org.uk> <160849368648.12701.9198143416705134562.reportbug@thomson.student.utwente.nl>
Hi Oxan,
On Thu, Dec 31, 2020 at 05:11:13PM +0000, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Sun, 2020-12-20 at 20:48 +0100, Oxan van Leeuwen wrote:
> > Upstream recently discovered a potential remote denial-of-service
> > attack in postsrsd (CVE-2020-35573) [1]. Fortunately, this issue is
> > currently not exploitable in Debian due to gcc optimizing the
> > problematic loop away. Thus, the security has decided not to issue a
> > DSA [2], but instead suggested to fix it
> > through a stable update.
> >
>
> Please go ahead.
I noticed that today there was an upload to security-master for it.
Given our previous discussion, was this an oversight? I have just
rejected the package, could you please upload it for the upcoming
point release instead to ftp-master?
Regards,
Salvatore