I am seriously thinking that slirp from unstable should be ported as is from sid to buster and stretch. This is not a new upstream version, it has bug fixes and security updates only. Probably the same changes I would have to make myself in fact. Such as replacing sprintf calls with snprintf calls for example.
This would fix CVE-2020-7039 and provide the prerequisite to fixing CVE-2020-8608. Only thing, I am not sure what to do with the versioning: stretch 1:1.0.17-8 buster 1:1.0.17-8 sid 1:1.0.17-10 In fact, because stretch and buster has the same version, does this mean I can't make any security uploads to stretch? On the other hand the security team has marked both these as no-DSA, in buster meaning maybe I should do the same thing too? -- Brian May <br...@linuxpenguins.xyz> https://linuxpenguins.xyz/brian/