Hi Chris,

On Fri, Feb 21, 2025 at 12:05:21PM +0000, Chris Lamb wrote:
> > The following vulnerability was published for musl.
> >
> > CVE-2025-26519[0]:
> > | musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds
> > | write vulnerability when an attacker can trigger iconv conversion of
> > | untrusted EUC-KR text to UTF-8.
>
> Just wondering whether you had plans to fix this CVE in unstable? I'd
> like to fix this in the various LTS and ELTS distributions, but after
> consulting with colleagues, we think it should be fixed via unstable
> (and, more importantly, testing) first.
>
> A related question, perhaps — do you know if upstream have an ETA
> surrounding a 1.2.6 release?

I'll upload a fix this weekend. But unfortunately I don't know if
upstream plans to release 1.2.6 soon.

Kind regards,
Reiner