Bug#998902: Reopening: bullseye-pu: package htmldoc/1.9.11-4

To: Håvard Flaget Aasen <haavard_aasen@yahoo.no>, 998902@bugs.debian.org
Subject: Bug#998902: Reopening: bullseye-pu: package htmldoc/1.9.11-4
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 03 Dec 2021 16:26:21 +0000
Message-id: <[🔎] 62a49ab43c905958e24b605bc10b255b665df712.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 998902@bugs.debian.org
In-reply-to: <CAO9NP942OFCdck9gRSvvVAu+VpYo4edY=UtK_ebXyOWjcMR-dg@mail.gmail.com>
References: <CAO9NP942OFCdck9gRSvvVAu+VpYo4edY=UtK_ebXyOWjcMR-dg.ref@mail.gmail.com> <163648341837.153243.4092900554131822471.reportbug@thinkpad.bs-production.no> <CAO9NP942OFCdck9gRSvvVAu+VpYo4edY=UtK_ebXyOWjcMR-dg@mail.gmail.com> <163648341837.153243.4092900554131822471.reportbug@thinkpad.bs-production.no>

Control: tags -1 + confirmed

On Mon, 2021-11-15 at 17:56 +0100, Håvard Flaget Aasen wrote:
> Control: reopen 998902
> 
> On Sat, 13 Nov 2021 00:17:02 +0100
> =?UTF-8?Q?H=C3=A5vard_Flaget_Aasen?= <haavard_aasen@yahoo.no> wrote:
> > CVE-2021-40985 has now been marked as unimportant, I'm therefore
> > closing this bug, since the CVE was the sole purpose of the update.
> > 
> > Regards,
> > Håvard
> > 
> > 
> After some information in [1] I'm reopening this.
> 
> All the previous information still holds true, but the proposed
> update
> has been expanded to include a fix for both CVE-2021-40985 and
> CVE-2021-43579.
> The upstream release fixing these issues has migrated to testing
> (1.9.13) and I have verified that the patches indeed prevent
> buffer-overflow in bullseye.
> 

Please go ahead.

Regards,

Adam

Reply to:

Prev by Date: Bug#1000454: bullseye-pu: package gdal/3.2.2+dfsg-2+deb11u1
Next by Date: Bug#993318: bullseye-pu: package golang-1.15/1.15.15-1~deb11u1
Previous by thread: Bug#994064: bullseye-pu: package python-eventlet/0.26.1-7
Next by thread: Processed: Re: Bug#998902: Reopening: bullseye-pu: package htmldoc/1.9.11-4
Index(es):
- Date
- Thread