It seems this has stalled. Most distros have already released a patched
version of libspf2. While I agree it's unclear whether the currently
available patch fixes this CVE, it does however fix an underflow that
would be relevant to release as a security fix, I think. Libspf2 has
tried to reach
Hi Magnus,
On Sat, Oct 21, 2023 at 08:09:35PM +0200, Magnus Holmgren wrote:
> Wednesday, 18 October 2023 11:56:01 CEST, Salvatore Bonaccorso wrote:
> > On Fri, Oct 13, 2023 at 12:05:19PM +0200, Bert Van de Poel wrote:
> > > As already outlined on
> > > https://security-tracker.debian.org/tracker/C
Wednesday, 18 October 2023 11:56:01 CEST, Salvatore Bonaccorso wrote:
> On Fri, Oct 13, 2023 at 12:05:19PM +0200, Bert Van de Poel wrote:
> > As already outlined on
> > https://security-tracker.debian.org/tracker/CVE-2023-42118 there's a
> > known security issue in libspf2 found through a security
Dear Salvatore,
I don't disagree with your statement. However, many have already tried
to reach ZDI and have not received clear communication. Perhaps Debain
can add to the pressure to get more clarity? While the ZDI webpage on
this CVE claims they contacted the developer, it's unclear whether
Hi,
On Fri, Oct 13, 2023 at 12:05:19PM +0200, Bert Van de Poel wrote:
> Package: libspf2-2
> Version: 1.2.10-7.1~deb11u1
> Severity: critical
> Tags: security patch
> Justification: root security hole
> X-Debbugs-Cc: Debian Security Team
>
>
> As already outlined on
> https://security-tracker.d
Package: libspf2-2
Version: 1.2.10-7.1~deb11u1
Severity: critical
Tags: security patch
Justification: root security hole
X-Debbugs-Cc: Debian Security Team
As already outlined on
https://security-tracker.debian.org/tracker/CVE-2023-42118 there's a known
security issue in libspf2 found through
6 matches
Mail list logo