I made a mistake on CVE-2020-36317 and CVE-2020-36318 patches. The names of the patches are incorrect (I put 2021 instead of 2020)
Yao Wei (This email is sent from a phone; sorry for HTML email if it happens.) > On Apr 25, 2021, at 08:57, Yao Wei <m...@debian.org> wrote: > > tag -1 patch > thanks > > Attached is the proposed patch onto debian repo for this bug. Note > that because the patch order is important (one patch depends on another). > > Some tests on the original PRs did not apply because there were no such > files in 1.48 > > Please review before apply since I don't know whether any of these CVEs > are introduced by changes not in 1.48. > > Thanks, > Yao Wei > <0001-CVE-fixups-Closes-986803.patch>
