Your message dated Sun, 31 May 2026 15:52:21 +0200
with message-id <[email protected]>
and subject line Close as already fixed
has caused the Debian Bug report #1125060,
regarding llama.cpp: CVE-2026-21869
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1125060: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125060
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: llama.cpp
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for llama.cpp.
CVE-2026-21869[0]:
| llama.cpp is an inference of several LLM models in C/C++. In commits
| 55d4206c8 and prior, the n_discard parameter is parsed directly from
| JSON input in the llama.cpp server's completion endpoints without
| validation to ensure it's non-negative. When a negative value is
| supplied and the context fills up, llama_memory_seq_rm/add receives
| a reversed range and negative offset, causing out-of-bounds memory
| writes in the token evaluation loop. This deterministic memory
| corruption can crash the process or enable remote code execution
| (RCE). There is no fix at the time of publication.
https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-8947-pfff-2f3c
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-21869
https://www.cve.org/CVERecord?id=CVE-2026-21869
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Version: 7593+dfsg-1
I can confirm that the issue was resolved upstream in version 6890.
--- End Message ---
