"That is right for CVE-2022-24724 but CVE-2022-39209 != CVE-2022-24724."
I hadn't seen this one.
"I do not know what that means. I do not care about the lintian override
but the non-source files."
I didn't add anything, everything there is from the project sources.
On 08/10/2022 at 13:28, Bastian Germann wrote:
On 08.10.22 at 12:33, Sebastien CHAVAUX wrote:
To my knowledge, CVE-2022-39209 concerns versions of cmark-gfm
before 0.29.0.gfm.3 and 0.28.3.gfm.21:
This vulnerability has been patched in the following cmark-gfm
versions 0.29.0.gfm.3 and 0.28.3.gfm.21.
https://security-tracker.debian.org/tracker/CVE-2022-24724
That is right for CVE-2022-24724 but CVE-2022-39209 != CVE-2022-24724.
I replaced the lintian message in debian/source/lintian-overrides
precisely to avoid an overflow error, in short, it's been done since
a yawn without ever causing any problems, for proof it's already the
case in the ghostwriter version in backport (2.0.2-2~bpo11+1), that's
what I was advised to do at the time.
I do not know what that means. I do not care about the lintian
override but the non-source files.