[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#979724: buster-pu: package libmaxminddb/1.3.2-1+deb10u1

Hi Faidon,

On Sun, Jan 17, 2021 at 08:54:29PM +0200, Faidon Liambotis wrote:
> On Sat, Jan 16, 2021 at 06:00:00PM +0000, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Sun, 2021-01-10 at 21:39 +0200, Faidon Liambotis wrote:
> > > This is an buster proposed update to fix CVE-2020-28241:
> > > > libmaxminddb before 1.4.3 has a heap-based buffer over-read in
> > > > dump_entry_data_list in maxminddb.c.
> > > 
> > > The security team has marked the CVE as "<no-dsa> (Minor issue)", and
> > > filed #973878 against the package.
> > > 
> > 
> > Please go ahead.
> 
> Thanks!
> 
> This is now uploaded and ACCEPTed into proposed-updates->stable-new.
> 
> Best,
> Faidon
> 
> P.S. Not sure if I'm supposed to mark this bug done myself?

It will be closed at the point release time when the package (unless
suprises arise and not to be accepted into it).

Regards,
Salvatore
Reply to: