[pkg-go] Bug#986593: syncthing: CVE-2021-21404
Simon Frei
freisim93 at gmail.com
Fri Jun 25 22:00:32 BST 2021
The linked commit applies cleanly - patch is attached for convenience.
Also I have filed four important bugfixes with patches a while ago, that
I'd consider much higher priority that this security issue:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983667
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983668
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983669
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983670
In the meantime another, even more important bugfix happened upstream,
bug and patch are here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990330
I'd appreciate if they could also be part of the stable release. And as
I mentioned before, I'd be happy to keep backporting important bugfixes.
Best,
Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2021-21404.patch
Type: text/x-patch
Size: 642 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-go-maintainers/attachments/20210625/461cec26/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-go-maintainers/attachments/20210625/461cec26/attachment-0001.sig>
More information about the Pkg-go-maintainers
mailing list