On Wed, Oct 04, 2023 at 09:41:10PM +0200, Salvatore Bonaccorso wrote:
> Source: snappy-java
> Version: 1.1.8.3-1
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
>
> The following vulnerability was published for snappy-java.
>
> CVE-2023-43642[0]:
>
> ...(SNIP)...
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2023-43642
>     https://www.cve.org/CVERecord?id=CVE-2023-43642
> [1] https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5
> [2] https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv

The latest upstream version 1.1.10.5 has been uploaded to unstable. I will look into what is required to apply the patch referenced above against 1.1.8.3 for bookworm and bullseye.