Hi, Ivo De Decker <iv...@debian.org> (2019-06-25): > On Tue, Jun 25, 2019 at 06:59:09AM +0200, Salvatore Bonaccorso wrote: > > Please unblock package expat, it fixes CVE-2018-20843 and got fixed by > > Laszlo cherry-picking the upstream fix. The issue is tracked as > > #931031 in the BTS: > > > > > expat (2.2.6-2) unstable; urgency=high > > > > > > * Fix extraction of namespace prefix from XML name (CVE-2018-20843) > > > (closes: #931031). > > > > > > -- Laszlo Boszormenyi (GCS) <g...@debian.org> Mon, 24 Jun 2019 21:18:31 > > > +0000 > > > > unblock expat/2.2.6-2 > > I'm fine with this, but expat has a udeb, so this needs a d-i ack. Kibi Cc's > (and diff quoted below for easy review).
No obvious regressions in the graphical installer, so no objections. Cheers, -- Cyril Brulebois (k...@debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant
signature.asc
Description: PGP signature