Control: tags -1 + confirmed On Sun, 2021-01-10 at 21:39 +0200, Faidon Liambotis wrote: > This is an buster proposed update to fix CVE-2020-28241: > > libmaxminddb before 1.4.3 has a heap-based buffer over-read in > > dump_entry_data_list in maxminddb.c. > > The security team has marked the CVE as "<no-dsa> (Minor issue)", and > filed #973878 against the package. > Please go ahead. Regards, Adam