Hey Reiner,

Salvatore Bonaccorso wrote:

> The following vulnerability was published for musl.
>
> CVE-2025-26519[0]:
> | musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds
> | write vulnerability when an attacker can trigger iconv conversion of
> | untrusted EUC-KR text to UTF-8.

Just wondering whether you had plans to fix this CVE in unstable? I'd
like to fix this in the various LTS and ELTS distributions, but after
consulting with colleagues, we think it should be fixed via unstable
(and, more importantly, testing) first.

A related question, perhaps — do you know if upstream have an ETA
surrounding a 1.2.6 release?


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org 🍥 chris-lamb.co.uk
       `-
