Source: vtk9 Followup-For: Bug #1114938 X-Debbugs-Cc: Debian Security Team <[email protected]>
The issue with paraview's embedded copy of VTK is finally being resolved with paraview 6 and vtk 9.5, though that won't help bookworm. The patch being considered here for VTK looks more or less trivial, meaning it should be simple enough to apply it to both vtk and paraview in bookworm. The upstream patch is https://gitlab.kitware.com/vtk/vtk/-/commit/db8f9efca220c9d16a30958e179abae3379d0011
