Package: src:http-parser Version: 2.8.1-1+deb10u1 Fixed: 2.9.4-1 Severity: important
As it became appearent in #996460, the fix for CVE-2019-15605 in Debian
introduced an ABI break, and unfortunately nobody noticed before the
stable point release on October 9th. Symptoms, at least for tang, are
segmentation faults. Data corruption might happen as well.
Workaround: Downgrade http-parser to the previous version 2.8.1-1,
or rebuild the affected packages.
Working on a resolution (worst case: Trigger a rebuild all ten packages
linked against http-parser) will be my chore as I managed to break
things in the first place.
Output of dd-list on the possibly affected packages below.
Christoph
Angus Lees <g...@debian.org>
cargo (U)
Aron Xu <a...@debian.org>
ocserv
Christoph Biedl <debian.a...@manchmal.in-ulm.de>
tang
Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
libgit-raw-perl
Debian Python Modules Team <python-modules-t...@lists.alioth.debian.org>
python-httptools
Debian Ruby Extras Maintainers
<pkg-ruby-extras-maintain...@lists.alioth.debian.org>
ruby-http-parser.rb
Debian SSSD Team <pkg-sssd-de...@alioth-lists.debian.net>
sssd
Debian XMPP Maintainers <pkg-xmpp-de...@lists.alioth.debian.org>
jabberd2
Dima Kogan <dko...@debian.org>
tcpflow
Dominik George <naturesha...@debian.org>
sssd (U)
Luca Bruno <lu...@debian.org>
cargo (U)
Marc Haber <mh+debian-packa...@zugschlus.de>
libgit-raw-perl (U)
Michael Fladischer <fl...@debian.org>
python-httptools (U)
Mike Miller <mtmil...@debian.org>
ocserv (U)
Per Andersson <avtob...@gmail.com>
ruby-http-parser.rb (U)
Pirate Praveen <prav...@debian.org>
libgit2 (U)
ruby-http-parser.rb (U)
Rust Maintainers <pkg-rust-maintain...@alioth-lists.debian.net>
cargo
Simon Josefsson <si...@josefsson.org>
jabberd2 (U)
Timo Aaltonen <tjaal...@debian.org>
sssd (U)
Utkarsh Gupta <utka...@debian.org>
libgit2
Vasudev Kamath <vasu...@copyninja.info>
cargo (U)
Ximin Luo <infini...@debian.org>
cargo (U)
signature.asc
Description: PGP signature
