• Bug#1068694: bullseye-pu: package json-smart/2.2-2+deb11u1

    From Moritz Mühlenhoff@21:1/5 to All on Sat Apr 13 16:10:01 2024
    XPost: linux.debian.devel.release

    On Tue, Apr 09, 2024 at 10:01:11AM +0200, Andreas Beckmann wrote:
    Package: release.debian.org
    Severity: normal
    Tags: bullseye
    User: release.debian.org@packages.debian.org
    Usertags: pu
    X-Debbugs-Cc: Bastien Roucariès <rouca@debian.org>
    Control: affects -1 + src:json-smart
    Control: block 1039985 with -1
    Control: block 1033474 with -1

    [ Reason ]
    Two CVEs were fixed in buster-lts, but not yet in bullseye or later,
    causing version skew on upgrades:

    CVE-2023-1370 / #1033474 is unfixed in sid, and being fixed in unstable
    is a precondition for a point update.

    Bastien, since you fixed it in buster-lts, can you please also take care
    of addressing unstable?

    Cheers,
    Moritz

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jonathan Wiltshire@21:1/5 to Andreas Beckmann on Mon Apr 22 19:10:06 2024
    XPost: linux.debian.devel.release

    Control: tag -1 confirmed

    On Tue, Apr 09, 2024 at 10:01:11AM +0200, Andreas Beckmann wrote:
    +++ b/debian/patches/0004-CVE-2021-31684-Fix-indexOf.patch
    @@ -0,0 +1,27 @@
    +From: HAPPY <pcy190@126.com>
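
    Review bot: the From: line at the top of the new 0004-CVE-2021-31684-Fix-indexOf.patch is the only provenance visible in the lines quoted here, and it gives just a single-word author name and a 126.com address. Suggest the patch header also carry DEP-3 Origin: (the upstream commit URL) and Bug-Debian: fields, so the change can be compared against the upstream json-smart fix for CVE-2021-31684 instead of being accepted on the author line alone.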

    Well if that doesn't tickle my antennae nothing will :)

    Please go ahead.

    Thanks,

    --
    Jonathan Wiltshire jmw@debian.org
    Debian Developer http://people.debian.org/~jmw

    4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
