Bug#929597: CVE-2019-12211 CVE-2019-12212 CVE-2019-12213 CVE-2019-12214

Salvatore Bonaccorso carnil at debian.org
Fri Dec 27 15:46:25 GMT 2019


Hi Hugo,

On Fri, Dec 27, 2019 at 04:37:45PM +0100, Hugo Lefeuvre wrote:
> > As there will not be a fix for all CVEs in one go, let's split the bug
> > for the benefit of tracking the fixes. CVE-2019-12211 and
> > CVE-2019-12213 have the same upstream change, so will clone this into
> > three.
> 
> thanks Salvatore!
> 
> regarding CVE-2019-12213 and CVE-2019-12211 in unstable: I have asked
> upstream about his plans to release 3.18.1 but did not receive any answer
> yet. I suppose that we should cherry pick the patch if we want a quick
> fix.

Sounds like a sensible plan, if we are going to release updates as
well for stretch and buster, so that there is no "regression" (I mean
timewise, in case upstream will not land a new version) for buster ->
bullseye updates.

Regards,
Salvatore


