On Monday, 19.02.2024 at 07:11 +0100, Salvatore Bonaccorso wrote:
[..]
> > Debian LTS Advisory DLA-3735-1
[..]
> The DLA reservation for this update in data/DLA/list seems missing,
> can you push the changes there? Otherwise there is potential that
> there will be a duplicate DLA assignment apart that as well the
> tracker will not show up correctly the fixing information.

I'm sorry. I was sure I pushed it. I merged my commits now and pushed.

> Out of interest: For CVE-2024-21626 upstream mentioned in their GHSA:
> Affected versions: >=v1.0.0-rc93,<=1.1.11. If this is not correct then
> it might be worth pointing it out to upstream so they can adjust the
> affected version range. Do you know more by chance?

That is interesting and does not reflect my understanding. I planned
talking to upstream anyway. However, most of the patchset for
CVE-2024-21626 contains hardening measurements to prevent similar attacks.
Thus, I believe that these patches are valuable in any case.

Regards, Daniel