You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am the Debian maintainer of sqlite-jdbc, and I would like to fix CVE-2023-32697 in Debian.
Still, we are very close to the release of Debian 12 and it is not possible to upload Version 3.41.2.2, I can only cherry-pick some commits so that changes to the Debian-packaged software remain small.
I feel that commit edb4b8a is the one that fixes CVE-2023-32697, do you confirm? Is it enough if I cherry-pick this only commit?
Thanks a lot for your help,
Best,
--
Pierre
The text was updated successfully, but these errors were encountered:
Forgive me for writing again quite quickly, but I feel it is really important to be able to fix the CVE in Debian, while packaging a new upstream version of sqlite-jdbc is unfeasible as we release Debian 12 in less than 2 weeks.
If you had the opportunity to point me to the commit(s) which fix(es) CVE-2023-32697, it would be really super useful.
Thanks for considering my questions. Still, I was concerned about the precise commit as I was willing to backport only this change in an environment in which changing the whole version was too important as a change.
Still, I am confident commit edb4b8a is the one I was looking for, some colleagues also do. Thus I picked it and I am ok with this situation.
Hello,
I am the Debian maintainer of sqlite-jdbc, and I would like to fix CVE-2023-32697 in Debian.
Still, we are very close to the release of Debian 12 and it is not possible to upload Version 3.41.2.2, I can only cherry-pick some commits so that changes to the Debian-packaged software remain small.
I feel that commit edb4b8a is the one that fixes CVE-2023-32697, do you confirm? Is it enough if I cherry-pick this only commit?
Thanks a lot for your help,
Best,
--
Pierre
The text was updated successfully, but these errors were encountered: