Re: [buster] CVE-2022-46871: libusrsctp maybe backporting a new version ?

To: Ben Hutchings <ben@decadent.org.uk>
Cc: roucaries bastien <roucaries.bastien+debian@gmail.com>, Ola Lundqvist <ola@inguza.com>, security <security@debian.org>, Bastien Roucariès <rouca@debian.org>, "dr@jones.dk" <dr@jones.dk>, debian-lts <debian-lts@lists.debian.org>, roberto@freexian.com
Subject: Re: [buster] CVE-2022-46871: libusrsctp maybe backporting a new version ?
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Mon, 19 Jun 2023 20:41:47 +0200
Message-id: <[🔎] 20230619184147.GA27748@inutil.org>
In-reply-to: <[🔎] a8af4f8be55480c8ac12c8247d02820b34a0589c.camel@decadent.org.uk>
References: <[🔎] 2094040.QQobVyZjho@portable-bastien> <[🔎] CABY6=0=hBHb01xhz9ST5oVJG3XaybpF=SyLfk7qx5v8ggKRaQg@mail.gmail.com> <[🔎] CAE2SPAYEnu3t-CJO5_PCXYjLyQakD5u2unUAfHZ01RDsNzh22A@mail.gmail.com> <[🔎] a8af4f8be55480c8ac12c8247d02820b34a0589c.camel@decadent.org.uk>

On Mon, Jun 19, 2023 at 07:40:30PM +0200, Ben Hutchings wrote:
> On Mon, 2023-06-19 at 11:02 +0000, roucaries bastien wrote:
> > Le dim. 18 juin 2023 à 19:16, Ola Lundqvist <ola@inguza.com> a écrit :
> > [adding security team]
> [...]
> > 
> > > You mention rebuild all reverse dependencies. Well I do not find any
> > > within Debian.
> > > This makes it even less important to fix it.
> > 
> > Yes, but for firefox it is embeded (code duplication not nice). May be
> > (so copy security team) deemded it and link to the lib. Less work
> 
> So we can expect Firefox upstream to update their copy.

Firefox has updated their copy about half year ago, this is how this
issue become publicly known in the first place.

Cheers,
        Moritz

Reply to:

References:
- [buster] CVE-2022-46871: libusrsctp maybe backporting a new version ?
  - From: Bastien Roucariès <rouca@debian.org>
- Re: [buster] CVE-2022-46871: libusrsctp maybe backporting a new version ?
  - From: Ola Lundqvist <ola@inguza.com>
- Re: [buster] CVE-2022-46871: libusrsctp maybe backporting a new version ?
  - From: roucaries bastien <roucaries.bastien+debian@gmail.com>
- Re: [buster] CVE-2022-46871: libusrsctp maybe backporting a new version ?
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Re: [buster] CVE-2022-46871: libusrsctp maybe backporting a new version ?
Next by Date: Re: Request for suggestions/opinion about triaging decision for renderdoc
Previous by thread: Re: [buster] CVE-2022-46871: libusrsctp maybe backporting a new version ?
Next by thread: Re: RFC: php-cas
Index(es):
- Date
- Thread