Hi Emilio, On Tue, Mar 16, 2021 at 01:26:18PM +0100, Emilio Pozuelo Monfort wrote: > Hi, > > On 15/03/2021 12:36, Salvatore Bonaccorso wrote: > > Hi Brian, LTS team, > > > > This was reported by the Ubuntu security team: The DLA 2550-1 update > > was aiming to fix CVE-2020-27844 as well, but it looks that whilst a > > patch is included in debian/patches the series files does not apply > > it. > > > > To be on safe side I have removed the listing for CVE-2020-27844 in > > the DLA 2550-1, but please double-check if this is correct? > > I have taken a look and that version is not vulnerable to CVE-2020-27844, so > removing it from DLA-2550-1 is correct. Thanks! > > I have added some clarification in data/CVE/list, buster isn't affected > either.
Thanks for the analysis! Regards, Salvatore
