Hi, I see that the CVEs now have proper names:
TEMP-1139717-36B614 -> CVE-2026-54706 TEMP-1139716-6892B6 -> CVE-2026-54707 hefee -- On Freitag, 10. Juli 2026 20:43 Salvatore Bonaccorso wrote: > Hi, > > On Fri, Jul 10, 2026 at 06:39:45PM +0200, Hefee wrote: > > Hi Salvatore > > > > actually upstream marked both CVEs as fixed in 2.6.4: > > TEMP-1139716-6892B6 > > TEMP-1139717-36B614 > > > > I uploaded 2.6.4 to unstable, so at least sid and testing will be fixed. > > Unfortunately the diff between 2.6.3 and 2.6.4 is quite big :( So I'm > > currently investigating the source, if I can extract the patches to fix > > the CVEs. > Thanks, I have updated the tracker to reflect the status with fixed > version. > > for trixie, you see we marked it no-dsa, but if it turns out that it > is becoming too complicated, then a point release update might as well > not be realistic. Let us know how it goes. > > > Thanks for all your work! > > Same! Thanks for putting energy into this one here in particular as > well. > > Regards, > Salvatore
signature.asc
Description: This is a digitally signed message part.

