Package: libyang0.16
Version: 0.16.105-1
Tags: security
Severity: grave

This is a security issue tracking bug for CVEs:
- CVE-2019-19333
- CVE-2019-19334

Both issues are bugs in processing YANG models and may affect users
loading or validating untrusted YANG models.  This is a relatively rare
use case as normal application use of libyang would rely on
application-supplied models.

Fixes are available upstream.

As the package maintainer, my plan for unstable is to ship a 0.16.105-2
quickly, followed by actually bringing 1.0.x into unstable.

I've contacted the Debian security team wrt. fixing this for buster.


-David
