Hi Roberto, On Thu, Dec 19, 2019 at 08:06:19PM -0500, Roberto C. Sánchez wrote: > On Thu, Dec 19, 2019 at 09:19:19PM +0100, Salvatore Bonaccorso wrote: > > > > The following vulnerability was published for cyrus-sasl2. > > > > CVE-2019-19906[0]: > > Off by one in _sasl_add_string function > > > > If you fix the vulnerability please also make sure to include the > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > > Hi Team, > > Is anybody already working on this update? If not, I can start on it > possibly tomorrow or perhaps the day after. > > Salvatore, > > If I (or someone else on the team) prepares the upload, do we go ahead > and make the upload then let the security team handle the DSA > publication?
I already started yesterday, and have buster and stretch packages, will likely release the DSA later today or tomorrow. So far tested just lightly for stretch but will double check explicitly against openldap. unstable would need an update as well yet. Can you later import then the changes in the packaging repository in the appropriate branches? Regards, Salvatore
