Bug#991370: libmatio: CVE-2020-36428
Sébastien Villemot
sebastien at debian.org
Wed Mar 30 20:08:00 BST 2022
Hi Salvatore,
Le mercredi 30 mars 2022 à 20:59 +0200, Salvatore Bonaccorso a écrit :
> Whee does this information come from that this issue is fixed in
> 1.5.22 upstream?
It’s what upstream changelog for 1.5.22 says:
https://salsa.debian.org/science-team/libmatio/-/blob/master/NEWS#L6
> The OSV-2020-799.yaml cannot be taken into account because it was
> marked as such as consequence of
> https://github.com/google/oss-fuzz-vulns/issues/12 as far i can see.
> Actually it looks that tbeu considers it invalid issue? If this turned
> not to be true, what is the fix?
If upstream is wrong, then I have no idea what would be the fix.
Best wishes,
--
⢀⣴⠾⠻⢶⣦⠀ Sébastien Villemot
⣾⠁⢠⠒⠀⣿⡁ Debian Developer
⢿⡄⠘⠷⠚⠋⠀ https://sebastien.villemot.name
⠈⠳⣄⠀⠀⠀⠀ https://www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/debian-science-maintainers/attachments/20220330/87d9ed3f/attachment.sig>
More information about the debian-science-maintainers
mailing list