On 7/16/25 9:31 AM, Jochen Topf wrote:
Yesterday I released version 1.8.1 of protozero. It basically only contains a security fix (buffer overrun). It would be good if we can get this into Trixie.
Is there a CVE or other reference? The commit [0] nor PR [1] mentioned these. [0] https://github.com/mapbox/protozero/commit/72802a4ffe7fbf2fba75f316da4531d2561f7eea [1] https://github.com/mapbox/protozero/pull/133
The way I am using protozero in my code (libosmium etc.) this bug can not be triggered, but it might affect others.
The other rdeps of protozero in Debian are mapnik & qtlocation-opensource-src. Kind Regards, Bas -- GPG Key ID: 4096R/6750F10AE88D4AF1 Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
