Hi,
> According to the security tracker, liblivemedia in buster/sid is also affected
> by CVE-2019-7732 and CVE-2019-7733. Maybe you should consider fixing these as
> well (if there is a fix available that's easy to apply to the version in sid).
liblivemedia's upstream does not seem to be aware of these vulnerabilities,
so there are no known fixes at the moment. I have contacted them recently
but did not receive any answer yet.
> Either way, the diff you attached to this bug look fine, so you can go ahead
> with the upload to unstable and remove the moreinfo tag from this bug once the
> package is in unstable. If you want to add targeted fixes for the two other
> CVEs, you don't need to ask pre-approval for them, you can include them in the
> upload to unstable and send an updated debdiff.
Great, will do!
Thanks for your work.
cheers,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
Attachment:
signature.asc
Description: PGP signature