This update has been submitted for testing by buc.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
Hello @buc,
thanks for the update. I didn't see anything security related in the changelog for 1.1.20. Did I miss something? CVE-2019-13508 seems to have been fixed with 1.1.11, so all Fedora should be safe already.
Cheers
Sure.
But in various CVE descriptions there is a misunderstanding whether "< 1.1.11" or "<= 1.1.11" should be used for affected versions. It leads to a situation that there are already two (!) mistaken Bugzilla reports about this CVE, whereas the problem was actually fixed months ago...
To avoid further mistakes, I just update to the latest 1.1.20.
To trigger any bureaucracy things, I specify "security" and "high", to avoid broken assumptions that there is no proper update after the CVE report.
This update has been pushed to testing.
Thanks for the clarification (and for trying to clean up the reported mess).
This update can be pushed to stable now if the maintainer wishes.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.