On Thu, Nov 23, 2023 at 10:42:24PM +0100, Salvatore Bonaccorso wrote:
> Source: capnproto
> Version: 1.0.1-1
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
>
> Hi,
>
> The following vulnerability was published for capnproto.
>
> CVE-2023-48230[0]:
>
> (SNIP)
>
> [0] https://security-tracker.debian.org/tracker/CVE-2023-48230
>     https://www.cve.org/CVERecord?id=CVE-2023-48230
> [1] https://github.com/capnproto/capnproto/security/advisories/GHSA-r89h-f468-62w3
> [2] https://github.com/capnproto/capnproto/commit/5d5d734b0350c6f2e36c3155753e6a19fbfeda9a

Thank you for the bug report and for the Security Tracker entry.

I have prepared a package for 1.0.1.1, but want to take a moment before uploading to experimental to consider whether there is a way to patch the vulnerability in 1.0.1 and thereby not have to perform a transition from 1.0.1 -> 1.0.1.1.

Cheers,
tony