Bug#948219: stretch-pu: package ros-ros-comm/1.12.6-2

To: Jochen Sprickerhof <jspricke@debian.org>, 948219@bugs.debian.org
Subject: Bug#948219: stretch-pu: package ros-ros-comm/1.12.6-2
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Mon, 06 Jan 2020 20:59:17 +0000
Message-id: <[🔎] eb9b28a1e7b8de7a87a4b9b1a3116bd30da8dd71.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 948219@bugs.debian.org
In-reply-to: <[🔎] 157823602786.37096.9296319347576758738.reportbug@fenchel>
References: <[🔎] 157823602786.37096.9296319347576758738.reportbug@fenchel> <[🔎] 157823602786.37096.9296319347576758738.reportbug@fenchel>

Control: tags -1 + confirmed

On Sun, 2020-01-05 at 15:53 +0100, Jochen Sprickerhof wrote:
> The ros-ros-comm version in stretch is affected by two new CVEs:
> CVE-2019-13465 and CVE-2019-13445. The first one was already fixed by
> 1.12.6-2+deb9u1, cf. #945944, but the second one is new. The attached
> patch is against 1.12.6-2+deb9u1 and also adopts the changelog to
> mention the second CVE.
> 

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#948219: stretch-pu: package ros-ros-comm/1.12.6-2
  - From: Jochen Sprickerhof <jspricke@debian.org>

Prev by Date: Processed: Re: Bug#945896: buster-pu: package ros-ros-comm/1.14.3+ds1-5
Next by Date: Processed: Re: Bug#948219: stretch-pu: package ros-ros-comm/1.12.6-2
Previous by thread: Bug#948219: stretch-pu: package ros-ros-comm/1.12.6-2
Next by thread: Processed: Re: Bug#948219: stretch-pu: package ros-ros-comm/1.12.6-2
Index(es):
- Date
- Thread