Hi,

On 22/12/2024 at 11:42, Bastien Roucariès wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian....@packages.debian.org
> Usertags: pu
> X-Debbugs-CC: Pierre Gruet <p...@debian.org>
>
> (Please provide enough information to help the release team
> to judge the request efficiently. E.g. by filling in the sections below.)
>
> [ Reason ]
> CVE-2024-47072: stack overflow
>
> [ Impact ]
> Remote DoS is likely possible
>
> [ Tests ]
> Manual test test does not backport
>
> [ Risks ]
> Code is simple.
>
> [ Checklist ]
>   [X] *all* changes are documented in the d/changelog
>   [X] I reviewed all changes and I approve them
>   [X] attach debdiff against the package in (old)stable
>   [X] the issue is verified as fixed in unstable
>
> [ Changes ]
> * Team upload
> * Fix CVE-2024-47072: XStream is vulnerable to a Denial of Service attack
>   due to stack overflow from a manipulated binary input stream.
>   (Closes: #1087274)
>
> [ Other info ]
> pgt will likely review
I was the one who fixed CVE-2024-47072 in unstable. The source debdiff that rouca attached looks good to me.
All the best,
-- 
Pierre