Hi Salvatore, On Sat, 2026-05-30 at 18:29 +0200, Sven Geuer wrote: > Hi Salvatore, > > On Sat, 2026-05-30 at 17:00 +0200, Salvatore Bonaccorso wrote: > > [...] can you as well fix the issue in trixie and bookworm via the > > next (and for bookworm last) point release? [...] > > That's already on my list.
Meanwhile I looked deeper into this and found that the buffer overflow was already reported in Apr 2013 with bug #705894 [1] and fixed in Oct 2014 with version arpwatch/2.1a15-1.3, available as patch [2] since arpwatch/2.1a15-2. Only the buffer size was not increased resulting in long host names being truncated, however no overflows could happen anymore. Thus, in my opinion, uploads to trixie and bookworm are not required. Let me know if you concur or not. Regards Sven [1] https://bugs.debian.org/705894 [2] https://sources.debian.org/src/arpwatch/2.1a15-2/debian/patches/41_bug705894-long-hostnames -- GPG Fingerprint 3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585
signature.asc
Description: This is a digitally signed message part
