Hi Bastian, On Sat, Jun 01, 2024 at 12:41:43PM +0200, Bastian Germann wrote: > Source: sredird > Version: 2.1.0-1 > Severity: serious > Tags: security > X-Debbugs-Cc: secur...@debian.org > > Hi, > > This is affected by CVE-2004-2386, which was marked by the Security Team as > "NOT-FOR-US: sercd" but applies to sredird. There is a fixed version 2.2.2 > available, which I did not find in the Kermit project's download area but > at: > > http://ibiblio.org/pub/linux/system/serial/sredird-2.2.2.tar.gz > https://sources.buildroot.net/sredird/sredird-2.2.2.tar.gz
Note, there is as well CVE-2004-2387. There are not very specific information for both, so it's unclear if CVE-2004-2387 and CVE-2004-2386 are addressed. Where do you have additional information on the issues from? Can you pass us those? Regards, Salvatore
