Salvatore,

This is now resolved. The package has been updated to the latest upstream. The changelog mentions this issue specifically as fixed.

Regards,
Julius

On Fri, 21 March 2025 at 22:58, Salvatore Bonaccorso <car...@debian.org> wrote:

> Control: severity -1 normal
>
> Hi Julius,
>
> On Fri, Mar 21, 2025 at 10:31:11PM +0100, Julius Pfrommer wrote:
> > Salvatore,
> >
> > This is pretty bare-bones for a CVE.
> > And it would not have become one if the submitter had coordinated with the
> > upstream project.
> > It's essentially a false positive.
> >
> > The crasher happens in the fuzzing scaffolding, not in the library itself.
> > In this case, a "nice to have" consistency behavior had been added to the
> > fuzzing tests as an assert.
> > Fixing this made the library better. But this was no segfault that could
> > happen in the wild.
>
> Thanks for reporting back quickly. I will lower the severity to
> normal.
>
> > We are working on updating the package to the v1.4.11 upstream release.
> > That will fix this.
>
> Ack.
>
> Regards,
> Salvatore