Bug#992437: libgetdata8: Patch for CVE-2021-20204 breaks many regression tests
Graeme Smecher
gsmecher at threespeedlogic.com
Wed Aug 18 16:19:40 BST 2021
Package: libgetdata8
Version: 0.10.0-10
Severity: important
Dear Maintainer,
The current patch [1] for CVE-2021-20204 [2] breaks many (602 of 1638)
regression tests (via "make check") and impacts basic library function.
Downstream software is impacted (hence, Debian bug #992372 on KST.)
For example: any dirfile with LINCOM fails to be recognized as a dirfile.
Upstream has been notified of the CVE and will hopefully respond with their own
patch.
thanks,
Graeme
[1]: https://salsa.debian.org/science-
team/libgetdata/-/commit/61275e4c051090ce11467207eb361a6d81c405d9
[2]: https://nvd.nist.gov/vuln/detail/CVE-2021-20204
-- System Information:
Debian Release: 11.0
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.9.0-2-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libgetdata8 depends on:
ii libc6 2.31-11
ii libltdl7 2.4.6-15
libgetdata8 recommends no packages.
libgetdata8 suggests no packages.
-- no debconf information
More information about the debian-science-maintainers
mailing list