Bug#933637: Bug#933636: CVE-2019-14934

[Salvatore Bonaccorso <carnil@debian.org>]

Hi Francois,

On Fri, Jul 31, 2020 at 10:18:23AM +0200, Salvatore Bonaccorso wrote:
> Hi Francois,
> 
> On Mon, Feb 10, 2020 at 03:59:22PM -0800, Francois Marier wrote:
> > On 2020-02-07 at 10:14:24, Salvatore Bonaccorso wrote:
> > > > It looks OK to me. Tagging moreinfo until there's a final diff.
> > > 
> > > Friendly ping, any news? (It's too late now for the upcoming point
> > > release though).
> > 
> > It's still on my list, but not a very high priority. Definitely won't happen
> > until at least after the Ubuntu 20.04 Debian merge deadline.
> 
> It would now be too late for the 10.5 buster point release, but do you
> found time to finalize the debdiff for review for SRM? Then we might
> target for 10.6.

There are in meanwhile one more CVE which might be included. They are
at this time CVE-2019-14267, CVE-2020-9549, CVE-2019-14934 and
CVE-2020-20740 which are all marked no-dsa or unimportant (with
negligible security impact), but maybe if you still would like to fix
those for buster, we can close this report and then open a new one
with a revisited debdiff?

What do you think?

Regards,
Salvatore