Hi,

On Sat, Jul 13, 2024 at 02:37:32PM +0200, Petter Reinholdtsen wrote:
>
> Package: release.debian.org
> Affects: dmitry
>
> The <URL: https://tracker.debian.org/pkg/dmitry > package in stable,
> version 1.3a-1.2, got a few security issues that could be fixed. These
> are CVE-2024-31837, CVE-2020-14931 and CVE-2017-7938. I would like to
> update these in bookworm, and have prepared the change in the git
> repository, in the debian/bookworm branch. Here is the complete
> proposed patch, including an update of the maintainer to reflect that
> the package is orphaned.
>
> diff --git a/debian/changelog b/debian/changelog > index 2ebd04d..5f23771 100644 > --- a/debian/changelog > +++ b/debian/changelog > @@ -1,3 +1,14 @@ > +dmitry (1.3a-1.2+deb12u1) UNRELEASED; urgency=medium > + > + * QA upload. > + > + * Fix format string bug (#3). > + * Fix handling externally-controlled format strings and buffer overflows > + * Do not let frmtdbuff overflow in nic_format_buff. > + * Switched maintainer to QA group, to reflect the packages orphaned state.
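
Review bot: The three fix entries in the new changelog stanza do not say which of CVE-2024-31837, CVE-2020-14931 and CVE-2017-7938 each one addresses, and "(#3)" on the first fix line names no tracker, so a reader cannot tell whether it is an upstream issue or a Debian bug number. Suggest putting the CVE id next to the entry that fixes it and spelling out where #3 lives. Smaller points in the same hunk: the second fix entry lacks the closing period the other entries have, "packages orphaned state" should read "package's orphaned state", and the distribution field is still UNRELEASED, which needs to become bookworm before the upload.
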
Can you add as well the known CVE id references to the debian/changelog entries, which will facilitate the tracking of the fix?

Regards,
Salvatore