Bug#979724: buster-pu: package libmaxminddb/1.3.2-1+deb10u1
On Sat, Jan 16, 2021 at 06:00:00PM +0000, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Sun, 2021-01-10 at 21:39 +0200, Faidon Liambotis wrote:
> > This is an buster proposed update to fix CVE-2020-28241:
> > > libmaxminddb before 1.4.3 has a heap-based buffer over-read in
> > > dump_entry_data_list in maxminddb.c.
> >
> > The security team has marked the CVE as "<no-dsa> (Minor issue)", and
> > filed #973878 against the package.
> >
>
> Please go ahead.
Thanks!
This is now uploaded and ACCEPTed into proposed-updates->stable-new.
Best,
Faidon
P.S. Not sure if I'm supposed to mark this bug done myself?
Reply to: