libsolv (0.6.35-2+deb10u1) buster; urgency=medium * debian/patches: + CVE-2019-20387: Add 0001_CVE-2019-20387.patch. Resolves heap-based buffer over-read in repodata.c (Closes: #949611). + 1006_various-types.patch: Trivial rebase. -- Mike Gabriel <email address hidden> Thu, 30 Jan 2020 22:58:10 +0100