Thank you for taking the time to respond. I will try to get hold of the maintainers.
I've already mitigated on my systems as a precautionary measure. I can see that the Debian team is already on this: https://security-tracker.debian.org/tracker/CVE-2021-32749 I am sure the Ubuntu package maintainers are aware. https://packages.ubuntu.com/focal/fail2ban ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-32749 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1939870 Title: The package fail2ban is vulnerable to arbitrary command execution via CVE-2021-32749. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fail2ban/+bug/1939870/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
