On Sat, Jan 16, 2021 at 06:00:00PM +0000, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Sun, 2021-01-10 at 21:39 +0200, Faidon Liambotis wrote: > > This is an buster proposed update to fix CVE-2020-28241: > > > libmaxminddb before 1.4.3 has a heap-based buffer over-read in > > > dump_entry_data_list in maxminddb.c. > > > > The security team has marked the CVE as "<no-dsa> (Minor issue)", and > > filed #973878 against the package. > > > > Please go ahead.
Thanks! This is now uploaded and ACCEPTed into proposed-updates->stable-new. Best, Faidon P.S. Not sure if I'm supposed to mark this bug done myself?
