[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DLA 2550-1: CVE-2020-27844: Patch present in source but not applied?

Hi Emilio,

On Tue, Mar 16, 2021 at 01:26:18PM +0100, Emilio Pozuelo Monfort wrote:
> Hi,
> On 15/03/2021 12:36, Salvatore Bonaccorso wrote:
> > Hi Brian, LTS team,
> > 
> > This was reported by the Ubuntu security team: The DLA 2550-1 update
> > was aiming to fix CVE-2020-27844 as well, but it looks that whilst a
> > patch is included in debian/patches the series files does not apply
> > it.
> > 
> > To be on safe side I have removed the listing for CVE-2020-27844 in
> > the DLA 2550-1, but please double-check if this is correct?
> I have taken a look and that version is not vulnerable to CVE-2020-27844, so
> removing it from DLA-2550-1 is correct. Thanks!
> I have added some clarification in data/CVE/list, buster isn't affected either.

Thanks for the analysis!


Reply to: