On 08.10.22 at 12:33, Sebastien CHAVAUX wrote:
> To my knowledge, CVE-2022-39209 concerns versions of cmark-gfm before
> 0.29.0.gfm.3 and 0.28.3.gfm.21:
> This vulnerability has been patched in the following cmark-gfm
> versions 0.29.0.gfm.3 and 0.28.3.gfm.21.
> https://security-tracker.debian.org/tracker/CVE-2022-24724
That is right for CVE-2022-24724 but CVE-2022-39209 != CVE-2022-24724.
> I replaced the lintian message in debian/source/lintian-overrides
> precisely to avoid an overflow error; in short, it has been done this way
> for a long time without ever causing any problems. As proof, it is already
> the case in the ghostwriter version in backports (2.0.2-2~bpo11+1); that is
> what I was advised to do at the time.
I do not know what that means. I do not care about the lintian override,
but about the non-source files.