Control: tags -1 -moreinfo +confirmed On Sat, 2020-01-25 at 20:49 +0100, Roland Rosenfeld wrote: > Hi Adam! > > On Sa, 25 Jan 2020, Adam D. Barratt wrote: > > > On Tue, 2020-01-07 at 20:16 +0100, Roland Rosenfeld wrote: > > > While 3.2.7a-5+deb10u2 is currently in proposed-updates I > > > prepared > > > another update (deb10u3) fixing CVE-2019-19746 and CVE-2019-19797 > > > as > > > well as 6 further segfaults, which are only in upstream tracker > > > and > > > don't have a CVE: > > > https://sourceforge.net/p/mcj/tickets/58 > > > https://sourceforge.net/p/mcj/tickets/59 > > > https://sourceforge.net/p/mcj/tickets/61 > > > https://sourceforge.net/p/mcj/tickets/62 > > > https://sourceforge.net/p/mcj/tickets/78 > > > https://sourceforge.net/p/mcj/tickets/79 > > > > Are those additional upstream fixes already included in the package > > in unstable? > > Yes, 43_fgets2getline.patch from 3.2.7a-5+deb10u3, which fixes all > these issues is nearly identical to 32_fgets2getline.patch from > 3.2.7b-3, which is available in sid and bullseye. >
OK, thanks. Please go ahead. Regards, Adam