Bug#930357: stretch-pu: package miniupnpd/1.8.20140523-4.1+deb9u2 CVE-2019-12107, CVE-2019-12108, CVE-2019-12109, CVE-2019-12110

To: Thomas Goirand <zigo@debian.org>, 930357@bugs.debian.org
Subject: Bug#930357: stretch-pu: package miniupnpd/1.8.20140523-4.1+deb9u2 CVE-2019-12107, CVE-2019-12108, CVE-2019-12109, CVE-2019-12110
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 26 Jul 2019 17:03:52 -0300
Message-id: <[🔎] a1a2ab4dd8c517e8b3068814a9242a52@mail.adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 930357@bugs.debian.org
In-reply-to: <156025251720.9537.15847568783469362853.reportbug@buzig2.debian.org>
References: <156025251720.9537.15847568783469362853.reportbug@buzig2.debian.org> <156025251720.9537.15847568783469362853.reportbug@buzig2.debian.org>

Control: tags -1 + confirmed

On 2019-06-11 08:28, Thomas Goirand wrote:

Please allow me to upload miniupnpd/1.8.20140523-4.1+deb9u2, as the
security team told me the CVE in the Subject do not need a DSA.

The upload only adds the upstream patches, Stretch doesn't seem to
be affected by CVE-2019-12111. On top of that, the fixed version adds
a change to debian/gbp.conf (only branch names), please allow this to
get in as well, as this simplifies the packaging update tasks.


Please go ahead; thanks.

Regards,

Adam

Reply to:

Prev by Date: Bug#933125: buster-pu: package systemd/241-5+deb10u1
Next by Date: Processed: Re: Bug#930357: stretch-pu: package miniupnpd/1.8.20140523-4.1+deb9u2 CVE-2019-12107, CVE-2019-12108, CVE-2019-12109, CVE-2019-12110
Previous by thread: Bug#933125: buster-pu: package systemd/241-5+deb10u1
Next by thread: Processed: Re: Bug#930357: stretch-pu: package miniupnpd/1.8.20140523-4.1+deb9u2 CVE-2019-12107, CVE-2019-12108, CVE-2019-12109, CVE-2019-12110
Index(es):
- Date
- Thread