Bug#1053870: CVE-2023-42118: integer underflow in libspf2 resulting in RCE

2023-12-05 Thread Bert Van de Poel
It seems this has stalled. Most distros have already released a patched version of libspf2. While I agree it's unclear whether the currently available patch fixes this CVE, it does however fix an underflow that would be relevant to release as a security fix, I think. Libspf2 has tried to reach

Bug#1053870: CVE-2023-42118: integer underflow in libspf2 resulting in RCE

2023-10-18 Thread Bert Van de Poel
so, and Debian is lagging behind. This is even more serious considering exim is the default MTA on Debian, while many other distros opt for postfix.
Kind regards,
Bert Van de Poel
On 18/10/2023 11:56, Salvatore Bonaccorso wrote:
Hi,
On Fri, Oct 13, 2023 at 12:05:19PM +0200, Bert Van de Poel

Bug#1053870: CVE-2023-42118: integer underflow in libspf2 resulting in RCE

2023-10-13 Thread Bert Van de Poel
Package: libspf2-2
Version: 1.2.10-7.1~deb11u1
Severity: critical
Tags: security patch
Justification: root security hole
X-Debbugs-Cc: Debian Security Team
As already outlined on https://security-tracker.debian.org/tracker/CVE-2023-42118 there's a known security issue in libspf2 found through

Bug#976435: ITP: eutl -- The European Union Trust List is a collection of CA certificates of Trust Service Providers compiled by member states within the framework of the eIDAS regulation for purposes

2020-12-04 Thread Bert Van de Poel
Package: wnpp
Severity: wishlist
Owner: Bert Van de Poel
* Package name : eutl
  Version : date based?
  Upstream Author : The European Union
* URL : https://ec.europa.eu/digital-single-market/en/eu-trusted-lists
* License : NA
  Programming Lang: NA
  Description : The European Union Trust List