Control: reopen 998902

On Sat, 13 Nov 2021 00:17:02 +0100 Håvard Flaget Aasen <haavard_aasen@yahoo.no> wrote:
> CVE-2021-40985 has now been marked as unimportant, I'm therefore
> closing this bug, since the CVE was the sole purpose of the update.
>
> Regards,
> Håvard
>
>

After some information in [1] I'm reopening this.

All the previous information still holds true, but the proposed update has been expanded to include a fix for both CVE-2021-40985 and CVE-2021-43579. The upstream release fixing these issues has migrated to testing (1.9.13) and I have verified that the patches indeed prevent buffer-overflow in bullseye.

Regards,
Håvard

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998907
Attachment:
htmldoc.debdiff
Description: Binary data