Bug#994943: buster-pu: package atftp/0.7.git20120829-3.2~deb10u1

To: "Andreas B. Mundt" <andi@debian.org>, 994943@bugs.debian.org
Subject: Bug#994943: buster-pu: package atftp/0.7.git20120829-3.2~deb10u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Thu, 30 Sep 2021 20:30:19 +0100
Message-id: <[🔎] 894d737c9ab2d625ec3ee0152b4b49b432505410.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 994943@bugs.debian.org
In-reply-to: <[🔎] 163241207159.537079.1545446625199075199.reportbug@flashgordon>
References: <[🔎] 163241207159.537079.1545446625199075199.reportbug@flashgordon> <[🔎] 163241207159.537079.1545446625199075199.reportbug@flashgordon>

Control: tags -1 + confirmed

On Thu, 2021-09-23 at 17:47 +0200, Andreas B. Mundt wrote:
> I would like to ask for permission to upload a new atftpd 
> package 0.7.git20120829-3.2+deb10u2 to fix #994895, buffer
> overflow, CVE-2021-41054.
> 

The diff here has the same s/save/safe/g issue as the bullseye diff,
fwiw.

[...]
> 
> I chose the package version to increases from -3.2~deb10u1 to
> -3.2+deb10u2

It's not a huge issue, but why? The conventional successor to ~deb10u1
is ~deb10u2.

I'd prefer the "~" versioning, but in any case please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#994943: buster-pu: package atftp/0.7.git20120829-3.2~deb10u1
  - From: "Andreas B. Mundt" <andi@debian.org>

Prev by Date: Bug#994862: buster-pu: package node-ansi-regex/3.0.0-1+deb10u1
Next by Date: Processed: Re: Bug#994943: buster-pu: package atftp/0.7.git20120829-3.2~deb10u1
Previous by thread: Bug#994943: buster-pu: package atftp/0.7.git20120829-3.2~deb10u1
Next by thread: Processed: Re: Bug#994943: buster-pu: package atftp/0.7.git20120829-3.2~deb10u1
Index(es):
- Date
- Thread