I Thank you for reaching out.
This package is team maintained, just do what you need to do :-) Greetings Le lun. 19 janv. 2026 à 08:24, Salvatore Bonaccorso <[email protected]> a écrit : > > Hi, > > [CC'ing explicitly as well Alexandre as having done the last two > uploads] > > On Fri, Jan 16, 2026 at 11:50:00PM +0100, Salvatore Bonaccorso wrote: > > Source: pyasn1 > > Version: 0.6.1-1 > > Severity: important > > Tags: security upstream > > X-Debbugs-Cc: [email protected], Debian Security Team > > <[email protected]> > > > > Hi, > > > > The following vulnerability was published for pyasn1. > > > > CVE-2026-23490[0]: > > | pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a > > | Denial-of-Service issue has been found that leads to memory > > | exhaustion from malformed RELATIVE-OID with excessive continuation > > | octets. This vulnerability is fixed in 0.6.2. > > > > > > If you fix the vulnerability please also make sure to include the > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > > > For further information see: > > > > [0] https://security-tracker.debian.org/tracker/CVE-2026-23490 > > https://www.cve.org/CVERecord?id=CVE-2026-23490 > > [1] https://github.com/pyasn1/pyasn1/security/advisories/GHSA-63vm-454h-vhhq > > [2] > > https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970 > > > > Please adjust the affected versions in the BTS as needed. > > Attached the proposed debdiff (not uploaded, neither to delayed yet) > which I would like to use as basis for the trixie-security DSA. > > Regards, > Salvatore
