On Sun, 2019-03-31 at 19:57 +0100, Adam D. Barratt wrote: > Control: tags -1 + moreinfo > > On Fri, 2019-03-15 at 11:23 +0100, Paul Slootman wrote: > > There are a couple of CVEs that have been fixed by 3.1.2-1+deb9u2. > > After discussing this with a member of the security team it was not > > considered important enough to warrant a DSA, but it would be good > > if > > it > > could be included in a point release for stretch. > > > > The changelog is: > > > > * Apply CVEs from 2016 to the zlib code. > > closes:#924509 > > > > The only change was the addition of 4 patches to the zlib code. > > > > The uploaded version was compiled on a stretch system. > > > > There doesn't appear to be an uploaded version anywhere that I can > see.
Because: Mar 15 10:54:14 /rsync_3.1.2-1+deb9u2_amd64.changes has bad PGP/GnuPG signature! > Please attach a source debdiff to this report. Regards, Adam