Dne 28. 05. 26 v 13:19 Guilhem Moulin napsal(a):
So this is probably an upstream bug introduced in 1.6.16 and backported to debian 12 in DSA 6301-1No, that's an issue I introduced in the custom (Debian-specific) fix for CVE-2026-48843. (The upstream fix introduces a new dependency which is not in Debian, so we need a custom native solution for older suites.) Noticed the issue as I was working on backport for Bullseye LTS, but unfortunately not in time for DSA 6301-1. It's already fixed in the repository at
Thanks for the info, I see updated packages for bullseye, but no advisory yet. Is it safe to install them?
Best regards Vladislav Kurz
OpenPGP_signature.asc
Description: OpenPGP digital signature
