[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1076271: bookworm-pu: package dmitry

Hi,

On Sat, Jul 13, 2024 at 02:37:32PM +0200, Petter Reinholdtsen wrote:
> 
> Package: release.debian.org
> Affects: dmitry
> 
> The <URL: https://tracker.debian.org/pkg/dmitry > package in stable,
> version 1.3a-1.2, got a few security issues that could be fixed.  These
> are CVE-2024-31837, CVE-2020-14931 and CVE-2017-7938.  I would like to
> update these in bookworm, and have prepared the change in the git
> repository, in the debian/bookworm branch.  Here is the complete
> proposed patch, including an update of the maintainer to reflect that
> the package is orphaned.
> 
> diff --git a/debian/changelog b/debian/changelog
> index 2ebd04d..5f23771 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,14 @@
> +dmitry (1.3a-1.2+deb12u1) UNRELEASED; urgency=medium
> +
> +  * QA upload.
> +
> +  * Fix format string bug (#3).
> +  * Fix handling externally-controlled format strings and buffer overflows
> +  * Do not let frmtdbuff overflow in nic_format_buff.
> +  * Switched maintainer to QA group, to reflect the packages orphaned state.

Can you add as well the known CVE id references to the
debian/changelog entries, which will facilitate the tracking of the
fix?

Regards,
Salvatore
Reply to: