libsolv (0.6.24-1+deb9u2) stretch; urgency=medium * debian/patches: + CVE-2019-20387: Add 0001_CVE-2019-20387.patch. Resolves heap-based buffer over-read in repodata.c (Closes: #949611). + Trivial rebase of patches 1004, 1006 and 2001. -- Mike Gabriel <email address hidden> Thu, 30 Jan 2020 18:49:35 +0100