Bug#988608: RFS: scrollz/2.2.3-2 - advanced ircII-based IRC client
On Sun, May 16, 2021 at 02:55:32PM -0600, Mike Markley <firstname.lastname@example.org> wrote:
> Package: sponsorship-requests
> Severity: normal
> I'm seeking assistance uploading a new version of the ScrollZ IRC client
> to unstable that addresses an outstanding CVE:
> scrollz (2.2.3-2) unstable; urgency=high
> * Applied patch to ctcp.c to fix CVE-2021-29376 from
> https://github.com/ScrollZ/ScrollZ/pull/26 (Closes: #986215)
> * Applied minor patch from upstream to the above fix
> I'm listed as the maintainer in this package's control file, but I haven't
> had a key in the keyring for several years.
> This should be the minimum change required to fix this issue. I anticipate
> there will also be stable and possibly oldstable uploads, as well.
> Post-freeze, I do plan to update the source package to a newer upstream
I received numerous DMARC reports indicating that this original message
wasn't delivered, so I'm quoting this entire message to highlight it, now
that I've relaxed that policy.
The package is up on https://mentors.debian.net/package/scrollz/ now.
Mike Markley <email@example.com>