[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#979724: buster-pu: package libmaxminddb/1.3.2-1+deb10u1



Control: tags -1 + confirmed

On Sun, 2021-01-10 at 21:39 +0200, Faidon Liambotis wrote:
> This is an buster proposed update to fix CVE-2020-28241:
> > libmaxminddb before 1.4.3 has a heap-based buffer over-read in
> > dump_entry_data_list in maxminddb.c.
> 
> The security team has marked the CVE as "<no-dsa> (Minor issue)", and
> filed #973878 against the package.
> 

Please go ahead.

Regards,

Adam


Reply to: