Hello Andreas,
A fix for the vulnerabilities listed was included by upstream in htslib 1.9, and therefore the Debian package for htslib 1.9-1 and onwards is no longer vulnerable to the listed CVEs.
Hi Michael,
it is not clear to me what this means: Do you intend to upload a fixed
package or do you expect somebody else to take action (and if the latter
what action exactly).
Kind regards
Andreas.
On Sun, Dec 09, 2018 at 11:29:47AM +0900, Michael Crusoe wrote:
> [adding the Debian Med Project List <debian-med@lists.debian.org> in CC]
>
> În dum., 9 dec. 2018 la 11:28, Michael Crusoe <michael.crusoe@gmail.com> a
> scris:
>
> > Dear colleagues,
> >
> > Attached is a patch to mark CVE-2018-1384{3,4,5} as fixed in htslib 1.9-1.
> >
> > I also submitted a pull request
> > https://salsa.debian.org/security-tracker-team/security-tracker/merge_requests/29
> > as I didn't know which method is preferred.
> >
> > This is my first time interacting with the security-team/CVEs; please let
> > me know if I'm not doing this correctly or could do it better.
> >
> > Thanks!
> >
> > --
> > Michael R. Crusoe
> > Co-founder & Lead, Common Workflow Language project
> > <http://www.commonwl.org/>
> > Direktorius, VšĮ "Darbo eigos", Vilnius, Lithuania
> > Debian Maintainer, Med team
> > https://orcid.org/0000-0002-2961-9670
> > <https://impactstory.org/u/0000-0002-2961-9670>
> > mrc@commonwl.org
> >
>
>
> --
> Michael R. Crusoe
> Co-founder & Lead, Common Workflow Language project
> <http://www.commonwl.org/>
> Direktorius, VšĮ "Darbo eigos", Vilnius, Lithuania
> https://orcid.org/0000-0002-2961-9670
> <https://impactstory.org/u/0000-0002-2961-9670>
> mrc@commonwl.org
> +1 480 627 9108 / +370 653 11125
--
http://fam-tille.de
--
Direktorius, VšĮ "Darbo eigos", Vilnius, Lithuania