Bug#998902: Reopening: bullseye-pu: package htmldoc/1.9.11-4

To: 998902@bugs.debian.org
Subject: Bug#998902: Reopening: bullseye-pu: package htmldoc/1.9.11-4
From: Håvard Flaget Aasen <haavard_aasen@yahoo.no>
Date: Mon, 15 Nov 2021 17:56:08 +0100
Message-id: <[🔎] CAO9NP942OFCdck9gRSvvVAu+VpYo4edY=UtK_ebXyOWjcMR-dg@mail.gmail.com>
Reply-to: Håvard Flaget Aasen <haavard_aasen@yahoo.no>, 998902@bugs.debian.org
References: <CAO9NP942OFCdck9gRSvvVAu+VpYo4edY=UtK_ebXyOWjcMR-dg.ref@mail.gmail.com> <[🔎] 163648341837.153243.4092900554131822471.reportbug@thinkpad.bs-production.no>

Control: reopen 998902

On Sat, 13 Nov 2021 00:17:02 +0100
=?UTF-8?Q?H=C3=A5vard_Flaget_Aasen?= <haavard_aasen@yahoo.no> wrote:
> CVE-2021-40985 has now been marked as unimportant, I'm therefore
> closing this bug, since the CVE was the sole purpose of the update.
>
> Regards,
> Håvard
>
>
After some information in [1] I'm reopening this.

All the previous information still holds true, but the proposed update
has been expanded to include a fix for both CVE-2021-40985 and
CVE-2021-43579.
The upstream release fixing these issues has migrated to testing
(1.9.13) and I have verified that the patches indeed prevent
buffer-overflow in bullseye.

Regards,
Håvard

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998907

Attachment: htmldoc.debdiff
Description: Binary data

Reply to:

References:
- Bug#998902: bullseye-pu: package htmldoc/1.9.11-4
  - From: Håvard Flaget Aasen <haavard_aasen@yahoo.no>

Prev by Date: Processed: Re: Reopening: bullseye-pu: package htmldoc/1.9.11-4
Next by Date: Re: New proposed-updates diff: libapache2-mod-rivet 3.2.1-1
Previous by thread: Processed: Re: Reopening: bullseye-pu: package htmldoc/1.9.11-4
Next by thread: Bug#998907: buster-pu: package htmldoc/1.9.3-1+deb10u2
Index(es):
- Date
- Thread