Hi,
> > Buster received [0] per 2.0.4+dfsg1-1, but not [1]. Even if I was aware
> > that the initial patch was broken (see stretch patch descriptions), I
> > failed to handle this properly in the buster version.
> >
> > As far as I remember, I did not upload this diff yet. I'll just provide an
> > updated version asap. I will also update the testing NMU[2], which I
> > fortunately did not upload yet.
>
> Perfect, thank you for that!
Done! You can find an updated debdiff for buster in attachement. The new
debdiff ships CVE-2019-5058.patch which addresses the remaining issue in
IMG_xcf.c.
cheers,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
Attachment:
signature.asc
Description: PGP signature