Bug#994943: buster-pu: package atftp/0.7.git20120829-3.2~deb10u1
Control: tags -1 + confirmed
On Thu, 2021-09-23 at 17:47 +0200, Andreas B. Mundt wrote:
> I would like to ask for permission to upload a new atftpd
> package 0.7.git20120829-3.2+deb10u2 to fix #994895, buffer
> overflow, CVE-2021-41054.
>
The diff here has the same s/save/safe/g issue as the bullseye diff,
fwiw.
[...]
>
> I chose the package version to increases from -3.2~deb10u1 to
> -3.2+deb10u2
It's not a huge issue, but why? The conventional successor to ~deb10u1
is ~deb10u2.
I'd prefer the "~" versioning, but in any case please go ahead.
Regards,
Adam
Reply to: