Package: src:http-parser Version: 2.8.1-1+deb10u1 Fixed: 2.9.4-1 Severity: important
As it became appearent in #996460, the fix for CVE-2019-15605 in Debian introduced an ABI break, and unfortunately nobody noticed before the stable point release on October 9th. Symptoms, at least for tang, are segmentation faults. Data corruption might happen as well. Workaround: Downgrade http-parser to the previous version 2.8.1-1, or rebuild the affected packages. Working on a resolution (worst case: Trigger a rebuild all ten packages linked against http-parser) will be my chore as I managed to break things in the first place. Output of dd-list on the possibly affected packages below. Christoph Angus Lees <g...@debian.org> cargo (U) Aron Xu <a...@debian.org> ocserv Christoph Biedl <debian.a...@manchmal.in-ulm.de> tang Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org> libgit-raw-perl Debian Python Modules Team <python-modules-t...@lists.alioth.debian.org> python-httptools Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org> ruby-http-parser.rb Debian SSSD Team <pkg-sssd-de...@alioth-lists.debian.net> sssd Debian XMPP Maintainers <pkg-xmpp-de...@lists.alioth.debian.org> jabberd2 Dima Kogan <dko...@debian.org> tcpflow Dominik George <naturesha...@debian.org> sssd (U) Luca Bruno <lu...@debian.org> cargo (U) Marc Haber <mh+debian-packa...@zugschlus.de> libgit-raw-perl (U) Michael Fladischer <fl...@debian.org> python-httptools (U) Mike Miller <mtmil...@debian.org> ocserv (U) Per Andersson <avtob...@gmail.com> ruby-http-parser.rb (U) Pirate Praveen <prav...@debian.org> libgit2 (U) ruby-http-parser.rb (U) Rust Maintainers <pkg-rust-maintain...@alioth-lists.debian.net> cargo Simon Josefsson <si...@josefsson.org> jabberd2 (U) Timo Aaltonen <tjaal...@debian.org> sssd (U) Utkarsh Gupta <utka...@debian.org> libgit2 Vasudev Kamath <vasu...@copyninja.info> cargo (U) Ximin Luo <infini...@debian.org> cargo (U)
signature.asc
Description: PGP signature