On Mon 2022-10-17 22:16:15 +0200, Salvatore Bonaccorso wrote:
> Thanks for the offer. Andreas did already handle the bullseye-security
> update (DSA was just released) and Markus will handle the LTS upload.
great, many thanks to Andreas and Markus for taking care of this, and to
you Salvatore for
Hi Daniel,
On Mon, Oct 17, 2022 at 02:48:20PM -0400, Daniel Kahn Gillmor wrote:
> FWIW, the patch highlighted by Thomas appears to apply cleanly to 1.5.0
> (the version in debian stable).
>
> We should apply this on top of 1.5.0-3 for bullseye, and 1.3.5-2 for
> buster.
>
> The attached debdiffs
FWIW, the patch highlighted by Thomas appears to apply cleanly to 1.5.0
(the version in debian stable).
We should apply this on top of 1.5.0-3 for bullseye, and 1.3.5-2 for
buster.
The attached debdiffs do that, and should be able to build properly.
I've also uploaded them to the debian/bullseye
Package: libksba8
Version: 1.3.5-2
Severity: grave
Tags: security patch upstream
Justification: user security hole
Dear Maintainer,
https://gnupg.org/blog/20221017-pepe-left-the-ksba.html
announces an integer overflow that may be used for remote code
execution in versions of libksba before 1.6.2,
4 matches
Mail list logo