-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4541-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 21, 2026 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : opam Version : 2.0.8-1+deb11u1 CVE ID : CVE-2026-41082 Andrew Nesbitt discovered that .install file directives were insufficiently restricted in OPAM, a package manager for OCaml. This could result in directory traversal out of the package area. For Debian 11 bullseye, this problem has been fixed in version 2.0.8-1+deb11u1. We recommend that you upgrade your opam packages. For the detailed security status of opam please refer to its security tracker page at: https://security-tracker.debian.org/tracker/opam Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmnnMlUACgkQnUbEiOQ2 gwJNpA//WslomIsb9k3N4O+5z+nE+CWpGb8042pRfb7f5/Q/A/xSYZ+3X3zLY0At yP5e/BgekQ2Y5v8KJR0SPFm9gFrb9uYN+M5vv9E9jfKuR70j45T54S8vFOqYnqiA cYsFBymrpZjL1q/NMWHcMGznCbeT2+yeZsHsKkyaMTonXpNk1kk9ioVyqWXIAWjr On+Krsk+dW6XDXqZ2Ihgs7enPAk+aZlKuWiPHCxuM6MnxtKsDZmtlcUm8ie0Rz24 FOOFDdfunW8CgbisgwXUybfm+DtuqVlwp+ZrJvkIgFCztuC6FwtH5SRvY+asbiVA u53DWoiPaxwAkF877ggiCNqmUcUMxS3QH+o9kgrsQzmZZMCioQj03/cW91FSTOVS feaA9ADQQXsGnzH9iVhmbis+DypdbsKdeknA2uHrZJPjs6YHZSvjHktRx8bkW5xZ 6XilskMLr4yj5ZJ6DrCBZeeDrkYgUwhnIMolrJP4IN4bC7JG6AHZushn2Vb7H8+a jeP8uSQn0Va5KdOm22mg1g/9iw5/nLYAEpikpvbpcXEhnn996+DpIsrSosDpzFHp R6asi3yb33sQd4XpcK3W/4qqmxtxz4tFxyuJujWJjdQncYHfIWaYJrqltj/lR08V Sf9ITvhG19mJ4TXE7vLopo61B1W644cSKzRZdTVENVZWolWnUWI= =uig0 -----END PGP SIGNATURE-----
