Hi,

I see that the CVEs now have proper names:

TEMP-1139717-36B614 -> CVE-2026-54706 
TEMP-1139716-6892B6 -> CVE-2026-54707

hefee

--

On Freitag, 10. Juli 2026 20:43 Salvatore Bonaccorso wrote:
> Hi,
> 
> On Fri, Jul 10, 2026 at 06:39:45PM +0200, Hefee wrote:
> > Hi Salvatore
> > 
> > actually upstream marked both CVEs as fixed in 2.6.4:
> > TEMP-1139716-6892B6
> > TEMP-1139717-36B614
> > 
> > I uploaded 2.6.4 to unstable, so at least sid and testing will be fixed.
> > Unfortunately the diff between 2.6.3 and 2.6.4 is quite big :( So I'm
> > currently investigating the source, if I can extract the patches to fix
> > the CVEs.
> Thanks, I have updated the tracker to reflect the status with fixed
> version.
> 
> for trixie, you see we marked it no-dsa, but if it turns out that it
> is becoming too complicated, then a point release update might as well
> not be realistic. Let us know how it goes.
> 
> > Thanks for all your work!
> 
> Same! Thanks for putting energy into this one here in particular as
> well.
> 
> Regards,
> Salvatore

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to