[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

slirp / CVE-2020-7039 / CVE-2020-8608

I am seriously thinking that slirp from unstable should be ported as is
from sid to buster and stretch. This is not a new upstream version, it
has bug fixes and security updates only. Probably the same changes I
would have to make myself in fact. Such as replacing sprintf calls with
snprintf calls for example.

This would fix CVE-2020-7039 and provide the prerequisite to fixing

Only thing, I am not sure what to do with the versioning:

stretch 1:1.0.17-8
buster  1:1.0.17-8
sid     1:1.0.17-10

In fact, because stretch and buster has the same version, does this mean
I can't make any security uploads to stretch?

On the other hand the security team has marked both these as no-DSA, in
buster meaning maybe I should do the same thing too?
Brian May <brian@linuxpenguins.xyz>

Reply to: