Hello Moritz,

I am working on creating a patch for the two lower severity CVEs on the gh package in addition to the current patch for the grave severity bug I've already submitted. The current patch for the latter CVE which I've submitted has been tested and is also known to apply cleanly to both gh in unstable and bookworm releases.

I have a patch that applies cleanly for CVE-2024-54132, although it has not been heavily tested yet and also has one reject when applied to bookworm. The final CVE requires touching quite a few different files and will take some time to complete. The changes from upstream that fix the issue do not apply cleanly to unstable or bookworm, but I am about 75% complete on getting it into unstable. Once that is complete, we will have all three CVEs resolved in unstable.

--
Loren M. Lang
lor...@north-winds.org
http://www.north-winds.org/
IRC: penguin359
Public Key: http://www.north-winds.org/lorenl_pubkey.asc
Fingerprint: 7896 E099 9FC7 9F6C E0ED E103 222D F356 A57A 98FA