Source: gsl Version: 2.8+dfsg-3 Severity: important Tags: security upstream Forwarded: https://lists.gnu.org/archive/html/bug-gsl/2024-09/msg00000.html X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for gsl. CVE-2024-50610[0]: | GSL (GNU Scientific Library) through 2.8 has an integer signedness | error in gsl_siman_solve_many in siman/siman.c. When params.n_tries | is negative, incorrect memory allocation occurs. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-50610 https://www.cve.org/CVERecord?id=CVE-2024-50610 [1] https://lists.gnu.org/archive/html/bug-gsl/2024-09/msg00000.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore
