Hi Romain,

On Fri, Nov 06, 2020 at 07:01:46PM +0100, Romain Francoise wrote:
> Hi,
>
> On Fri, Nov 6, 2020 at 1:48 PM Salvatore Bonaccorso <car...@debian.org> wrote:
> > The following vulnerability was published for tcpdump.
> >
> > CVE-2020-8037[0]:
> > | The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a
> > | large amount of memory.
>
> Thanks for the bug report. I am aware of this CVE and working on a new
> upload to unstable.
> Is this no-dsa?

Yes it does not warrant a DSA, but if you are at it and have capacity
for it, please do include a fix for it in the upcoming point release
(cf. https://lists.debian.org/debian-live/2020/11/msg00000.html).

Regards,
Salvatore