Note, that the advisory at [1] mentions that affected versions are
only > 1.45.x. Looking at the git changes, is it not introduced after 6dd44caa35b4 ("unix,win: support IDNA 2008 in uv_getaddrinfo()") in
v1.24.0?
I'm still pondering what should be done for stable which ships a libuv1.44.2
Hi
On Wed, 14 Feb 2024 12:57:52 +0100 Dominique Dumont <dod@debian.org> wrote:
I'm still pondering what should be done for stable which ships a libuv1.44.2
I've prepared a fix for bookworm. You'll find the debdiff in attachment.
Please tell me if I can upload this package to bookworm-security.
On Tuesday, 5 March 2024 22:15:50 CET Salvatore Bonaccorso wrote:
The debdiff for bookworm-security looks good to me. Please do upload
to security-master (and make sure to build with -sa as the orig
tarball is not yet on security-master for 1.44.2).
Done.
So we just need as well the bullseye-security one, as per above, can
you prepare this one as well.
Done. Here's the debdiff in attachment
On Wednesday, 6 March 2024 21:07:56 CET Salvatore Bonaccorso wrote:
Thank you very much. Looks good to me, feel free to upload as well to security-master (and build as well with -sa).
Done.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 297 |
Nodes: | 16 (2 / 14) |
Uptime: | 09:30:56 |
Calls: | 6,666 |
Files: | 12,213 |
Messages: | 5,336,273 |