Bug#988455: buster-pu: package velocity/1.7-5+deb10u1

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 988455@bugs.debian.org
Subject: Bug#988455: buster-pu: package velocity/1.7-5+deb10u1
From: "Chris Lamb" <lamby@debian.org>
Date: Sun, 16 May 2021 11:28:32 +0100
Message-id: <[🔎] 3b54205c-e10b-43cd-b940-f0288db7578b@www.fastmail.com>
Reply-to: "Chris Lamb" <lamby@debian.org>, 988455@bugs.debian.org
In-reply-to: <[🔎] 507cda05be3af0ce4d37bac3242d75c4c52ba59b.camel@adam-barratt.org.uk>
References: <[🔎] 162090087856.2727355.17003072208861169135@tinycat.chris-lamb.co.uk> <[🔎] 507cda05be3af0ce4d37bac3242d75c4c52ba59b.camel@adam-barratt.org.uk> <[🔎] 162090087856.2727355.17003072208861169135@tinycat.chris-lamb.co.uk>

Adam D. Barratt wrote:

> > Please consider velocity (1.7-5+deb10u1) for buster:
> >   
> >   velocity (1.7-5+deb10u1) buster; urgency=medium
> >   .
> >     * CVE-2020-13936: Prevent a potential arbitrary code execution vulnerability
> >       that can be exploited by applications that allow untrusted users to
> >       upload/modify Velocity templates. (Closes: #985220)
>
> Please go ahead.

Thanks — I've uploaded velocity_1.7-5+deb10u1_amd64.changes for this.


Best wishes,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
       `-

Reply to:

References:
- Bug#988455: buster-pu: package velocity/1.7-5+deb10u1
  - From: "Chris Lamb" <lamby@debian.org>
- Bug#988455: buster-pu: package velocity/1.7-5+deb10u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Bug#988454: buster-pu: package ruby-websocket-extensions/0.1.2-1+deb10u1
Next by Date: Bug#988585: unblock: grub2/2.04-18
Previous by thread: Bug#988455: buster-pu: package velocity/1.7-5+deb10u1
Next by thread: Processed: Re: Bug#988455: buster-pu: package velocity/1.7-5+deb10u1
Index(es):
- Date
- Thread