Bug#1076271: bookworm-pu: package dmitry
Hi,
On Sat, Jul 13, 2024 at 02:37:32PM +0200, Petter Reinholdtsen wrote:
>
> Package: release.debian.org
> Affects: dmitry
>
> The <URL: https://tracker.debian.org/pkg/dmitry > package in stable,
> version 1.3a-1.2, got a few security issues that could be fixed. These
> are CVE-2024-31837, CVE-2020-14931 and CVE-2017-7938. I would like to
> update these in bookworm, and have prepared the change in the git
> repository, in the debian/bookworm branch. Here is the complete
> proposed patch, including an update of the maintainer to reflect that
> the package is orphaned.
>
> diff --git a/debian/changelog b/debian/changelog
> index 2ebd04d..5f23771 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,14 @@
> +dmitry (1.3a-1.2+deb12u1) UNRELEASED; urgency=medium
> +
> + * QA upload.
> +
> + * Fix format string bug (#3).
> + * Fix handling externally-controlled format strings and buffer overflows
> + * Do not let frmtdbuff overflow in nic_format_buff.
> + * Switched maintainer to QA group, to reflect the packages orphaned state.
Can you add as well the known CVE id references to the
debian/changelog entries, which will facilitate the tracking of the
fix?
Regards,
Salvatore
Reply to: