Source: fribidi Version: 1.0.8-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 1.0.5-3.1 Control: found -1 1.0.5-3.1+deb10u1
Hi, The following vulnerabilities were published for fribidi. CVE-2022-25308[0], CVE-2022-25309[1] and CVE-2022-25310[2]. The are fixed all on master in git upstream already (but no tagged version appeared yet including the fixes). If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-25308 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25308 [1] https://security-tracker.debian.org/tracker/CVE-2022-25309 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25309 [2] https://security-tracker.debian.org/tracker/CVE-2022-25310 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25310 Please adjust the affected versions in the BTS as needed. Regards, Salvatore