New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Relevant commits for CVE-2021-21289? #568
Comments
Oh as I see it, #548 is the fix for this, right? |
@utkarsh2102 the relevant commits are all in #548: These changes can definitely be backported safely, yes. It's possible that there might be conflicts merging the changes to the tests -- but you can probably just cherry-pick the changes the |
Thanks, @flavorjones! I'll close this once I upload the backported packages to the Debian archive! Thanks for your help! \o/ |
I'm going to close this, but please do update me if you run into any problems! Thank you! |
Hi @flavorjones, Can I get a POC for this? In case it's supposed to be private, could you please email me the same at utkarsh[at]debian[dot]org? Thanks again for your help! 😄 |
Hello @flavorjones,
Thanks for your amazing work on this! \o/
With my Debian maintenance and security hat on, I'd like to know the relevant commits which would be sufficient to fix CVE-2021-21289. I want to backport these changes to v2.7.5 and v2.7.6.
Thanks in advance! :)
The text was updated successfully, but these errors were encountered: