Control: tags -1 + confirmed On Sun, 2020-01-05 at 15:53 +0100, Jochen Sprickerhof wrote: > The ros-ros-comm version in stretch is affected by two new CVEs: > CVE-2019-13465 and CVE-2019-13445. The first one was already fixed by > 1.12.6-2+deb9u1, cf. #945944, but the second one is new. The attached > patch is against 1.12.6-2+deb9u1 and also adopts the changelog to > mention the second CVE. > Please go ahead. Regards, Adam