Source: tcpslice Version: 1.3-2 Severity: grave Tags: security upstream Forwarded: https://github.com/the-tcpdump-group/tcpslice/issues/11 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for tcpslice. CVE-2021-41043[0]: | Use after free in tcpslice triggers AddressSanitizer, no other | confirmed impact. The impact is not confirmed to be exploitable TTBOMK so far, but the severity is choosen as better safe than sorry afterwards. Can you update tcpslice first in unstable? Possibly ideally directly to 1.5 containing other fixes. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-41043 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41043 [1] https://github.com/the-tcpdump-group/tcpslice/issues/11 [2] https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a Please adjust the affected versions in the BTS as needed. Regards, Salvatore
