Bug#973963: RFS: libonig/6.9.6-1 -- regular expressions library
- To: Jörg Frings-Fürst <firstname.lastname@example.org>
- Cc: email@example.com
- Subject: Bug#973963: RFS: libonig/6.9.6-1 -- regular expressions library
- From: Adrian Bunk <firstname.lastname@example.org>
- Date: Sat, 6 Feb 2021 13:52:03 +0200
- Message-id: <[🔎] 20210206115203.GI9594@localhost>
- Reply-to: Adrian Bunk <email@example.com>, firstname.lastname@example.org
- In-reply-to: <email@example.com>
- References: <firstname.lastname@example.org> <20201108163701.GA12171@localhost> <email@example.com> <firstname.lastname@example.org>
On Sun, Nov 08, 2020 at 07:02:27PM +0100, Jörg Frings-Fürst wrote:
> Hello Adrian,
> CVE-2020-26159 was released following a review with Coverity. This resulted in
> 27 errors. One of them was a false positive.
> Which of the bugs led to the CVE report I cannot judge.
> The remaining bugs have been fixed in the meantime. I therefore believe that the
> CVE report can be closed.
apologies for the delay.
The CVE is now generally considered bogus, would it be OK for you if I
upload your RFS with the changelog line
- Fix CVE-2020-26159 (Closes: #972113).