[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#979724: buster-pu: package libmaxminddb/1.3.2-1+deb10u1



On Sat, Jan 16, 2021 at 06:00:00PM +0000, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sun, 2021-01-10 at 21:39 +0200, Faidon Liambotis wrote:
> > This is an buster proposed update to fix CVE-2020-28241:
> > > libmaxminddb before 1.4.3 has a heap-based buffer over-read in
> > > dump_entry_data_list in maxminddb.c.
> > 
> > The security team has marked the CVE as "<no-dsa> (Minor issue)", and
> > filed #973878 against the package.
> > 
> 
> Please go ahead.

Thanks!

This is now uploaded and ACCEPTed into proposed-updates->stable-new.

Best,
Faidon

P.S. Not sure if I'm supposed to mark this bug done myself?


Reply to: