Dear Security Team, On Sat, Jun 01, 2024 at 04:57:53PM +0200, Salvatore Bonaccorso wrote: > [...] > [0] https://security-tracker.debian.org/tracker/CVE-2024-5564 > https://www.cve.org/CVERecord?id=CVE-2024-5564
An updated package containing upstream's fix has just been uploaded and is waiting to be processed for unstable. Upstream's fix: https://github.com/jpirko/libndp/commit/05e4ba7b0d126eea4c04387dcf40596059ee24af (as referenced from https://github.com/jpirko/libndp/issues/26 and already seen by carnil) Debian change: https://salsa.debian.org/debian/libndp/-/commit/a6136d60ef278c1aebee32f805ff473f0ee6ef99 The corresponding Debian change applies cleanly on bookworm / stable (naturally, as until today bookworm and sid both had libndp 1.8-1) and also on bullseye / oldstable and buster / oldoldstable (both having libndp 1.6-1). I could prepare packages targeting (old)stable, if so desired. Or would it be easier for you if you just take over from here? Cheers, Flo
signature.asc
Description: PGP signature
