Hi,

On Wed, Mar 10, 2021 at 04:45:40PM +0100, Salvatore Bonaccorso wrote:
> Control: tags -1 + patch
>
> Hi,
>
> On Sun, Feb 28, 2021 at 01:54:37PM +0100, Salvatore Bonaccorso wrote:
> > Source: libcaca
> > Version: 0.99.beta19-2.1
> > Severity: important
> > Tags: security upstream
> > Forwarded: https://github.com/cacalabs/libcaca/issues/52
> > X-Debbugs-Cc: car...@debian.org, Debian Security Team
> > <t...@security.debian.org>
> >
> > Hi,
> >
> > The following vulnerability was published for libcaca.
> >
> > CVE-2021-3410[0]:
> > | A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in
> > | caca_resize function in libcaca/caca/canvas.c may lead to local
> > | execution of arbitrary code in the user context.
> >
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2021-3410
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3410
> > [1] https://github.com/cacalabs/libcaca/issues/52
>
> Attached is debdiff prepared (not yet uploaded).

Uploaded that debdiff now for unstable (but without using the delayed
queue, hope this is okay for you as maintainer).

Regards,
Salvatore