slirp / CVE-2020-7039 / CVE-2020-8608
I am seriously thinking that slirp from unstable should be ported as is
from sid to buster and stretch. This is not a new upstream version, it
has bug fixes and security updates only. Probably the same changes I
would have to make myself in fact. Such as replacing sprintf calls with
snprintf calls for example.
This would fix CVE-2020-7039 and provide the prerequisite to fixing
CVE-2020-8608.
Only thing, I am not sure what to do with the versioning:
stretch 1:1.0.17-8
buster 1:1.0.17-8
sid 1:1.0.17-10
In fact, because stretch and buster have the same version, does this mean
I can't make any security uploads to stretch?
On the other hand the security team has marked both these as no-DSA in
buster, meaning maybe I should do the same thing too?
--
Brian May <brian@linuxpenguins.xyz>
https://linuxpenguins.xyz/brian/