Bug#1035352: libgetdata8: Patch for CVE-2021-20204 still present, and still breaks many regression tests
Graeme Smecher
gsmecher at threespeedlogic.com
Mon May 1 17:52:04 BST 2023
Package: libgetdata8
Version: 0.11.0-6
Severity: important
X-Debbugs-Cc: gsmecher at threespeedlogic.com
Dear Maintainer,
The CVE-2021-20204 patch (debian/patches/CVE-2021-20204.patch) is still present
in the build tree. As reported in #2292437, this patch breaks many of the "make
check" tests in the upstream package. With the patch in place, libgetdata also
does not recognize many of my dirfiles (which use MPLEX or LINCOM
functionality).
I believe this patch is no longer necessary, since a fix for the CVE is
included in the current upstream source code. Please consider removing it.
Thanks again for all your efforts as a maintainer. I'm grateful for all you do.
-- System Information:
Debian Release: bookworm/sid
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.1.0-3-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libgetdata8 depends on:
ii libc6 2.36-8
ii libltdl7 2.4.7-5
ii libpcre3 2:8.39-15
libgetdata8 recommends no packages.
libgetdata8 suggests no packages.
-- no debconf information
More information about the debian-science-maintainers
mailing list