Ola Lundqvist writes:
> Do we have an idea of what a good patch would look like?
OK, I think a patch may not be as simple as I hoped.
CheckDetachedSignature() is where we decode the packet and determine the
hash function used.
But this function is not supplied the headers so it cannot check the
Hi Brian
Yes it is not that good that we mark the issue as fixed. The question is
how we convince upstream that this is actually a problem.
Do we have an idea of what a good patch would look like?
If we are close to fixing the issue we can just wait and then issue a new
DLA-xxx-2 where we update
Hours worked:
31 hours
DLAs released:
DLA-2309-1 evolution-data-server
CVE-2020-16117
DLA-2320-1 golang-github-seccomp-libseccomp-golang
CVE-2017-18367
DLA-2326-1 htmlunit
CVE-2020-5529
DLA-2329-1 libetpan
CVE-2020-15953
DLA-2330-1 jruby
CVE-2017-17742 CVE-2019-8320 CVE-2019-8321 CVE-2019-832
August was my 30th month as a Debian LTS paid contributor. I had a total of
10 hours. I spent all of them on the following:
* ark: Fix CVE-2020-24654 and CVE-2020-16116 partially (though GUI works
CLI still escapes path traversal archives). Rep
Hi Brian,
On 09/09/2020 00:55, Brian May wrote:
> Looking at:
>
> https://security-tracker.debian.org/tracker/CVE-2019-9512
> https://security-tracker.debian.org/tracker/CVE-2019-9514
>
> Under "golang-1.7" release stretch it says "vulnerable".
>
> But in the notes, there is:
>
> [stretch] - g
Hi Brian,
> https://security-tracker.debian.org/tracker/CVE-2019-9512
> https://security-tracker.debian.org/tracker/CVE-2019-9514
>
> Under "golang-1.7" release stretch it says "vulnerable".
>
> But in the notes, there is:
>
> [stretch] - golang-1.7 (Minor issue)
Good spot. I'm not quite sure wh