Hi,
On 15/03/2021 12:36, Salvatore Bonaccorso wrote:
Hi Brian, LTS team,
This was reported by the Ubuntu security team: The DLA 2550-1 update
was aiming to fix CVE-2020-27844 as well, but it looks that whilst a
patch is included in debian/patches the series files does not apply
it.
To be on safe side I have removed the listing for CVE-2020-27844 in
the DLA 2550-1, but please double-check if this is correct?
I have taken a look and that version is not vulnerable to CVE-2020-27844, so
removing it from DLA-2550-1 is correct. Thanks!
I have added some clarification in data/CVE/list, buster isn't affected either.
Cheers,
Emilio