[From nobody Sun Apr 19 12:21:09 2026 Received: (at 1124407-close) by bugs.debian.org; 19 Apr 2026 11:19:06 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-114.2 required=4.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FVGT_m_MULTI_ODD, HAS_BUG_NUMBER,MD5_SHA1_SUM,PGPSIGNATURE,SPF_HELO_PASS,SPF_NONE, USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 90; hammy, 150; neutral, 151; spammy, 0. spammytokens: hammytokens:0.000-+--HX-Debian:DAK, 0.000-+--H*rp:D*ftp-master.debian.org, 0.000-+--HX-DAK:process-upload, 0.000-+--UD:debian.tar.xz, 0.000-+--H*r:sk:fasolo. Return-path: <envelope@ftp-master.debian.org> Received: from mailly.debian.org ([2001:41b8:202:deb:6564:a62:52c3:4b72]:58142) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wEQB8-001gcY-2V for 1124407-close@bugs.debian.org; Sun, 19 Apr 2026 11:19:06 +0000 Received: via submission from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, CN=fasolo.debian.org, EMAIL=hostmaster@fasolo.debian.org (verified) by mailly.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wEQB7-00AaiK-1W for 1124407-close@bugs.debian.org; Sun, 19 Apr 2026 11:19:05 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=Dge477/TP030eb9HOiQthcQi95dzaGStiRXv6Qs23k0=; b=Oiuoje1SpA4v2Sx79RgtBxVBUa 3o/nwOX4nUX5rfSXs8/0N/BvoFeFc92IirBwcXMeZH7EPjhfWTBp9Nb/ONDkR8ASi49kCoVGRo8yY Lbx6oJESxyXWMy+o2PJRDo4AS/xjnOZehvrI2a0jbHIEMqX9jjKngQzU3tzeHxf99fnL+lW1JIZ9/ 6/CYlHl6NoAjzvFFokYb2eUY590Qwkmfy3N8cjAkuFgStw/8r/rif3L5EpRMMEL2Ub+9GljBSZMfq 4Ab8le2mHobAPG4DVKeYnVuCoW7d4ppykNAD+nXXO/ujr81dELYMM3J0D3CiTdKgzsCVrrZ8tjLTm 2qUaCthA==; Received: from dak by fasolo.debian.org with local (Exim 4.98.2) (envelope-from <envelope@ftp-master.debian.org>) id 1wEQB6-00000002ZdP-20C1; Sun, 19 Apr 2026 11:19:04 +0000 From: Debian FTP Masters <ftpmaster@ftp-master.debian.org> Reply-To: Thorsten Alteholz <debian@alteholz.de> To: 1124407-close@bugs.debian.org X-DAK: dak process-upload X-Debian: DAK X-Debian-Package: libcoap3 Debian: DAK Debian-Changes: libcoap3_4.3.5-3_source.changes Debian-Source: libcoap3 Debian-Version: 4.3.5-3 Debian-Architecture: source Debian-Suite: unstable Debian-Archive-Action: accept MIME-Version: 1.0 Subject: Bug#1124407: fixed in libcoap3 4.3.5-3 Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============8073865088088620862==" Message-Id: <E1wEQB6-00000002ZdP-20C1@fasolo.debian.org> Date: Sun, 19 Apr 2026 11:19:04 +0000 --===============8073865088088620862== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Source: libcoap3 Source-Version: 4.3.5-3 Done: Thorsten Alteholz <debian@alteholz.de> We believe that the bug you reported is fixed in the latest version of libcoap3, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1124407@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thorsten Alteholz <debian@alteholz.de> (supplier of updated libcoap3 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 19 Apr 2026 10:23:22 +0200 Source: libcoap3 Architecture: source Version: 4.3.5-3 Distribution: unstable Urgency: medium Maintainer: Debian IoT Maintainers <debian-iot-maintainers@lists.alioth.debia= n.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Closes: 1124407 1134340 Changes: libcoap3 (4.3.5-3) unstable; urgency=3Dmedium . * CVE-2026-29013 (Closes: #1134340) fix out-of-bounds read * CVE-2025-34468 (Closes: #1124407) fix stack-based buffer overflow * debian/contol: bump standard to 4.7.4 (no changes) Checksums-Sha1: e49873bbd6432cd7567084fa6d06eb8594f3d484 2392 libcoap3_4.3.5-3.dsc 4f652109f730eb7494c0880fecd46b049fdabb47 588595 libcoap3_4.3.5.orig.tar.bz2 6cbedf1383120c5738d6131f4c7aeaeafbe1d9d1 15220 libcoap3_4.3.5-3.debian.tar.xz 91cbf47d6023e98f062c26861b6d7e288afeea83 10967 libcoap3_4.3.5-3_amd64.buildi= nfo Checksums-Sha256: 851c930acc0a020dcf221a1b131fbebdabdeb9d81fd770689d6f4cb08328b6ff 2392 libcoa= p3_4.3.5-3.dsc a332b682ceacef4c3130b2fb17851db02020c3f64b8a562c1ffd8d9b8a9320d4 588595 libc= oap3_4.3.5.orig.tar.bz2 7f7ec1b26f3e7a5e2c027d04e049f3eecb262a78b51f479ce16371b4beddcd05 15220 libco= ap3_4.3.5-3.debian.tar.xz 94c35864a91ffdbdb48999d377e86c33e578e54ce1cb914e3164da591d81e613 10967 libco= ap3_4.3.5-3_amd64.buildinfo Files: 41f4dbb879d2407b09ddc6211a0d23e7 2392 libs optional libcoap3_4.3.5-3.dsc 86c5364cd4c5a7d7eb94e560ec777969 588595 libs optional libcoap3_4.3.5.orig.ta= r.bz2 080f553eb8a9fae2ae3ec5137c7e7baf 15220 libs optional libcoap3_4.3.5-3.debian= .tar.xz 9df4aa2f5c72fdd312ae28a09146df89 10967 libs optional libcoap3_4.3.5-3_amd64.= buildinfo -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmnktYJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYRwqyEAChXQz2h+R+cWXh/qBXvyITWZBwbqcQ pR8Ogw/uNN7trwYsiNcHMgk40Cgmb4z9WEubF2SAhKNoQh+HzXrFguFamDDcse4K Ziwfa+ifG8aUIBAeW2/JKoPiVkJX8im/1W26te6PPUg7U2ftKIynGLmYMMd8aWx/ ffNiz+fft/xZwenZNVNtQpmSXURdOHYrKVWYxk9MpeGFhQOLOMeWqrqq0igs+bUz yy4dIWPZDLZK6COfpTgljnoG+BBJ/35lHFwo4rVT6Q1V5TOoGkL4saoOOoTcKhSz NVF54bkbWzKKvL3wE9ektcleoxvTiYrk/74yGxOF8JeJR0hyU10lEYBzHWjd9PNG VT0fTtxj71Ew/kCSh2pwQiP+2MzrVJNJt136239jVEp5EoVToJlvBOy8eqzzTuf3 gGshLDDODxkViVSdHdZJwndfp7S024SGGCyTz/nrevjtSa6zrKWFgQImBXeX6Jcm JW3H8BbrphFF5p58dsIUZI55H4XwhnbT7mRg85rgXPna/tDkIAY+DS1QjskoKHqd X7ciTQDahM/GpqFHHc19Kmoqx8K2SjK5vewVuuZTAlmvYc0nG16VbVsburE5zKak DbC8MyDxWyChzgEzur6EaPoQZ8sjasT9E0iFu8Uq30n6xxYE8eMl7wEphYOGxh9b hUJm/LfVMUesTQ=3D=3D =3Dgeax -----END PGP SIGNATURE----- --===============8073865088088620862== Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaeS6KAAKCRCb9qggYcy5 IeMRAQDMCwh3ecUPLT/1GGJ94Xchdiuf3/UQe+g/sKD6/ka+ygEA1muip3Fi5hTG i+zJ92i5we+iGOSkckLhnXUXUJc+xgI= =Gn07 -----END PGP SIGNATURE----- --===============8073865088088620862==-- ]