Hello Andreas, A fix for the vulnerabilities listed was included by upstream in htslib 1.9, and therefore the Debian package for htslib 1.9-1 and onwards is no longer vulnerable to the listed CVEs.
https://github.com/samtools/htslib/pull/732 În lun., 10 dec. 2018 la 06:21, Andreas Tille <[email protected]> a scris: > Hi Michael, > > it is not clear to me what this means: Do you intend to upload a fixed > package or do you expect somebody else to take action (and if the latter > what action exactly). > > Kind regards > > Andreas. > > On Sun, Dec 09, 2018 at 11:29:47AM +0900, Michael Crusoe wrote: > > [adding the Debian Med Project List <[email protected]> in CC] > > > > În dum., 9 dec. 2018 la 11:28, Michael Crusoe <[email protected]> > a > > scris: > > > > > Dear colleagues, > > > > > > Attached is a patch to mark CVE-2018-1384{3,4,5} as fixed in htslib > 1.9-1. > > > > > > I also submitted a pull request > > > > https://salsa.debian.org/security-tracker-team/security-tracker/merge_requests/29 > > > as I didn't know which method is preferred. > > > > > > This is my first time interacting with the security-team/CVEs; please > let > > > me know if I'm not doing this correctly or could do it better. > > > > > > Thanks! > > > > > > -- > > > Michael R. Crusoe > > > Co-founder & Lead, Common Workflow Language project > > > <http://www.commonwl.org/> > > > Direktorius, VšĮ "Darbo eigos", Vilnius, Lithuania > > > Debian Maintainer, Med team > > > https://orcid.org/0000-0002-2961-9670 > > > <https://impactstory.org/u/0000-0002-2961-9670> > > > [email protected] > > > > > > > > > -- > > Michael R. Crusoe > > Co-founder & Lead, Common Workflow Language project > > <http://www.commonwl.org/> > > Direktorius, VšĮ "Darbo eigos", Vilnius, Lithuania > > https://orcid.org/0000-0002-2961-9670 > > <https://impactstory.org/u/0000-0002-2961-9670> > > [email protected] > > +1 480 627 9108 / +370 653 11125 > > -- > http://fam-tille.de > -- Michael R. Crusoe Co-founder & Lead, Common Workflow Language project <http://www.commonwl.org/> Direktorius, VšĮ "Darbo eigos", Vilnius, Lithuania https://orcid.org/0000-0002-2961-9670 <https://impactstory.org/u/0000-0002-2961-9670> [email protected] +1 480 627 9108 / +370 653 11125
