[Bug 1911473] Re: Placeholder for ghsa-4ppf-fxf6-vxg2

2021-01-14 Thread Andrew Hayzen
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-21261 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1911473 Title: Placeholder for ghsa-4ppf-fxf6-vxg2 To manage notifications abou

[Bug 1911473] Re: Placeholder for ghsa-4ppf-fxf6-vxg2

2021-01-14 Thread Andrew Hayzen
@Paulo hirsute - can sync 1.8.5 from debian sid which contains the fix. groovy - is a tricky one as it is one step behind in terms of microreleases (1.8.3) so either needs backporting or bumping to 1.8.5 focal - upstream have created a branch for me with relevant patches that allow it to build,

[Bug 1911473] Re: Placeholder for ghsa-4ppf-fxf6-vxg2

2021-01-14 Thread Paulo Flabiano Smorigo
Ok thanks. I've tried to backport all commits with "Part-of: GHSA-4ppf- fxf6-vxg2" for hirsute but it fails to build. More commits are required in order to work. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.ne

[Bug 1911473] Re: Placeholder for ghsa-4ppf-fxf6-vxg2

2021-01-14 Thread Andrew Hayzen
@Paulo, Hi yes there is no CVE yet, but I believe upstream have requested one via github (I can see it says one has been requested). I will also try to submit debdiffs for Ubuntu 20.04 shortly (hopefully later tonight if testing goes well). -- You received this bug notification because you are a

[Bug 1911473] Re: Placeholder for ghsa-4ppf-fxf6-vxg2

2021-01-14 Thread Paulo Flabiano Smorigo
Hello Andrew, it seems that there is no CVE assigned to it, right? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1911473 Title: Placeholder for ghsa-4ppf-fxf6-vxg2 To manage notifications about thi

[Bug 1911473] Re: Placeholder for ghsa-4ppf-fxf6-vxg2

2021-01-14 Thread Andrew Hayzen
This is now public. ** Information type changed from Private Security to Public Security ** Description changed: Placeholder for ghsa-4ppf-fxf6-vxg2 as I prepare the debdiffs. This issue will be made public I believe on 14/01/2021 daytime CET. - [Impact] Versions in Ubuntu righ