
Bug#950795: buster-pu: package puma/3.12.0-2



On Tuesday, 03.03.2020, at 20:37 +0000, Adam D. Barratt wrote:
> On Thu, 2020-02-06 at 17:33 +0100, Daniel Leidert wrote:
> > The proposed update will fix CVE-2019-16770 (#946312) for Buster
> > users. The security team marked the issue no-dsa and asked to
> > schedule the fix via the next point release. The debdiff is attached.
> > The patch to fix the CVE has been taken from upstream's Git
> > repository.
> 
> +puma (3.12.0-2+deb10u1) buster-security; urgency=medium
> 
> Just "buster" for p-u, please.

Yes, I already saw it. I prepared the upload first for security. But they asked
me to do the upload via p-u. I'll fix this.

> +Subject: Merge pull request from GHSA-7xx3-m584-x994
> +
> +could monopolize a thread. Previously, this could make a DoS attack more
> +severe.
> 
> Is there a missing line (or at least words) before "could monopolize"
> there?

No. This is the original commit message I kept from upstream. 

> In any case, please go ahead (with the fixed distribution).

Thanks.

Regards, Daniel
