Bug#973963: RFS: libonig/6.9.6-1 -- regular expressions library
- To: Jörg Frings-Fürst <debian@jff.email>
- Cc: 973963@bugs.debian.org
- Subject: Bug#973963: RFS: libonig/6.9.6-1 -- regular expressions library
- From: Adrian Bunk <bunk@debian.org>
- Date: Sat, 6 Feb 2021 13:52:03 +0200
- Message-id: <[🔎] 20210206115203.GI9594@localhost>
- Reply-to: Adrian Bunk <bunk@debian.org>, 973963@bugs.debian.org
- In-reply-to: <e5ea0ae0200f55a24e5ffd451825c1542478792b.camel@jff.email>
- References: <d00dfaa725a7caf33328cd4ea23789649e01d0ad.camel@jff.email> <20201108163701.GA12171@localhost> <e5ea0ae0200f55a24e5ffd451825c1542478792b.camel@jff.email> <d00dfaa725a7caf33328cd4ea23789649e01d0ad.camel@jff.email>
On Sun, Nov 08, 2020 at 07:02:27PM +0100, Jörg Frings-Fürst wrote:
> Hello Adrian,
Hi Jörg,
> CVE-2020-26159 was released following a review with Coverity. This resulted in
> 27 errors. One of them was a false positive.
>
> Which of the bugs led to the CVE report I cannot judge.
>
> The remaining bugs have been fixed in the meantime. I therefore believe that the
> CVE report can be closed.
apologies for the delay.
The CVE is now generally considered bogus, would it be OK for you if I
upload your RFS with the changelog line
- Fix CVE-2020-26159 (Closes: #972113).
removed?
> CU
> Jörg
Thanks
Adrian
Reply to: