Hi Chris, On Wed, Aug 02, 2017 at 07:19:17PM +0000, Chris Lamb wrote: > commit b56cefec7cd8ec186e9662a5c5f0c3ada030d456 > Author: Chris Lamb <la...@debian.org> > Date: Wed Aug 2 15:15:04 2017 -0400 > > New upstream release. (Closes: #854272, #854733)
The recent upload to unstable claims to fix several CVEs. While for #854733 this is the case for CVE-2017-5595, I fail to find fixing commits for the other two CVEs from that bug. Where are they fixed? Can you help identifying the commits? Similarly for #854272. all of those were reported to upstream without response. A quick search does not lead me to aany commits later than 1.30 upstream. if so can you update the security-tracker indicating the fixing commits for the individual CVEs? thanks already! Regards, Salvatore
