slirp / CVE-2020-7039 / CVE-2020-8608
I am seriously thinking that slirp from unstable should be ported as is
from sid to buster and stretch. This is not a new upstream version, it
has bug fixes and security updates only. Probably the same changes I
would have to make myself in fact. Such as replacing sprintf calls with
snprintf calls for example.
This would fix CVE-2020-7039 and provide the prerequisite to fixing
Only thing, I am not sure what to do with the versioning:
In fact, because stretch and buster has the same version, does this mean
I can't make any security uploads to stretch?
On the other hand the security team has marked both these as no-DSA, in
buster meaning maybe I should do the same thing too?
Brian May <firstname.lastname@example.org>