Hi Tony, On Fri, Nov 24, 2023 at 11:04:07AM -0800, tony mancill wrote: > On Thu, Nov 23, 2023 at 10:42:24PM +0100, Salvatore Bonaccorso wrote: > > Source: capnproto > > Version: 1.0.1-1 > > Severity: important > > Tags: security upstream > > X-Debbugs-Cc: car...@debian.org, Debian Security Team > > <t...@security.debian.org> > > > > Hi, > > > > The following vulnerability was published for capnproto. > > > > CVE-2023-48230[0]: > > > > (SNIP) > > > > [0] https://security-tracker.debian.org/tracker/CVE-2023-48230 > > https://www.cve.org/CVERecord?id=CVE-2023-48230 > > [1] > > https://github.com/capnproto/capnproto/security/advisories/GHSA-r89h-f468-62w3 > > [2] > > https://github.com/capnproto/capnproto/commit/5d5d734b0350c6f2e36c3155753e6a19fbfeda9a > > Thank you for the bug report and for the Security Tracker entry. > > I have prepared a package for 1.0.1.1, but want to take a moment before > uploading to experimental to consider whether there is a way to patch > the vulnerability in 1.0.1 and thereby not have to perform a transition > from 1.0.1 -> 1.0.1.1.
Sure, take the time required for it. Regards, Salvatore
