[From nobody Fri May 8 14:23:08 2026 Received: (at 1135997-done) by bugs.debian.org; 8 May 2026 13:21:20 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-17.0 required=4.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HAS_BUG_NUMBER, RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_PASS,VALID_BTS_CONTROL autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 26; hammy, 150; neutral, 52; spammy, 0. spammytokens: hammytokens:0.000-+--exp1, 0.000-+--H*F:U*sebastic, 0.000-+--H*rp:U*sebastic, 0.000-+--H*Ad:D*inutil.org, 0.000-+--H*Ad:U*sebastic Return-path: <sebastic@xs4all.nl> Received: from ewsoutbound.kpnmail.nl ([195.121.94.185]:61117) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <sebastic@xs4all.nl>) id 1wLL8q-000l01-00 for 1135997-done@bugs.debian.org; Fri, 08 May 2026 13:21:20 +0000 X-KPN-MessageId: cadb62ca-4ae0-11f1-8ff5-005056999439 Received: from smtp.kpnmail.nl (unknown [10.31.155.8]) by ewsoutbound.so.kpn.org (Halon) with ESMTPS id cadb62ca-4ae0-11f1-8ff5-005056999439; Fri, 08 May 2026 15:21:16 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=xs4all.nl; s=xs4all01; h=content-type:from:to:subject:mime-version:date:message-id; bh=e4nXkfHe6jsxmgIWQN6EZjSo+3iDLDM7Wn1Pl6jzRnY=; b=fUvi/ABmwrRKyQ1pR83VPo8Osf0Sld4DwsrZC0XitIKOP5n3YnWGgSJsJEETV+xWzScTpMLDnfhMw XSTvWP20drNF0JIdogoamEN5dH7+GkPSGUZNPqsKtD16mrlcLvd1AY/hpHnqicD6TO+faTugS6+jyL rygubCshIu9Yz/KqwpxNsH8uogRW73fnSQG3kQJ/z3ur5mqirhSVMaklieVqHwqWXKvPe1gY5GS96c wP+AN7PC0h1IO5oD+g2lw/FsR9j7WUtq2PXKki+P6sfnU0fQBKQ9P3NIcPhKsjEhiX+KxHcrlTHqFw Pfpx4iSUQX7e9N+H20umldIQoPrKo0g== X-KPN-MID: 33|xNVltFs21NCpHaYucmcy8aMOiHv8/VBT9gLxh2IONtKAU4srieN3GcAJtCcr0iO ClLWOSz2s7AjwErqkKn5DFh2rWs2y+EIhGQKTWVomq24= X-KPN-VerifiedSender: Yes X-CMASSUN: 33|dzDaTMVoEAd0pswKuRb0jQY1dyqx/oSb/BriJCGT3ILdbgnM48EKeE2zSup6Qic VsW7/HmNdCNCrS6FnIOv05A== X-Originating-IP: 77.172.224.45 Received: from [10.0.0.150] (77-172-224-45.fixed.kpn.net [77.172.224.45]) by smtp.xs4all.nl (Halon) with ESMTPSA id cac6577e-4ae0-11f1-9c0c-00505699d6e5; Fri, 08 May 2026 15:21:16 +0200 (CEST) Message-ID: <9319c0b2-995d-4b93-8767-66f7bf20bd68@xs4all.nl> Date: Fri, 8 May 2026 15:21:15 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Bug#1135997: gdal: CVE-2026-8084 CVE-2026-8086 CVE-2026-8087 CVE-2026-8088 To: =?UTF-8?Q?Moritz_M=C3=BChlenhoff?= <jmm@inutil.org>, 1135997-done@bugs.debian.org References: <af3gPk0SgDF6iFdG@pisco.westfalen.local> Content-Language: en-US From: Sebastiaan Couwenberg <sebastic@xs4all.nl> Autocrypt: addr=sebastic@xs4all.nl; keydata= xsFNBFCIBxoBEADb2bBkp1eEV8wKQJJ8/j7Fd2LdFz9kmhPVsZG9Igtoow7sDIvu9PBsr4u0 rKV4LjId562nXIbzXX2+YZ3Dbj0Cg4z9PLoYbENuRvcEWwyfhWyz9vNpusarUc7H+Xvym5LP iDzKgNyXVjCrhrHTd0w09S6/zrLOXtcQs91QTvT0+pdFPaUdpNPZpInMJmZeAsh4Sh6OuPEy Mtc5PhcAt/HcJ/jVBY7F7ENtfpH1c4rEMeV3VoU0W/i6rXUY3mtWCFW8hP+ULiBt2Ct2dvwF XF2I+g+jCiQ8Y8BD2u6jiCy0y/gseC2fIyafIpBs0Grv0Qs/Rir80ieVL5A8VnY5e1ZhYsv6 4+dNZ7QZtYHnoZlXofNQ75qcTZvI7Sv4lL/vpwWfaDTUzGPfU6Zn1R7fyOJTMaV+GvBN+SMB 3ZUUloiPhmg6NkOTdOPleajCQNaL5Z8KFaMUH7zCi8ZLT7TNJ26ky7rWUsJpdAGVGXae+tt2 vEsTDYTkaDQ7sYKVvGU21FagVMoVuYDsjhbZE+QbOXjsJSlQ/1oKESfy0kolrgYXHJMFIFFf MMO3toVLNSMwYVXGD9UZPFIEHXpOFP5Qcjh/ICu4szbGtXRlnS47Dc0jCxVVQyTWtTzo3oHV lwz9vAcnCI/OAODU0AwVPV0mWWpTUoFVc9uxMErBVj4PFqtKcQARAQABzSpTZWJhc3RpYWFu IENvdXdlbmJlcmcgPHNlYmFzdGljQHhzNGFsbC5ubD7CwZcEEwEKAEECGwMFCwkIBwMFFQoJ CAsFFgIDAQACHgECF4ACGQEWIQSBgt5BcFZAjWFGUNFnUPEK6I1K8QUCYEWozQUJIomkswAK CRBnUPEK6I1K8QReEAC+HcQuEe/e0GRw3NFDrLMP1ZOV596ef0b4Z9718Q595HKU1tInmTdd 4tmnJ0hiE20g4HNW/8gXMnr7yf/1RSzIicDasgni+MeVlI4o6ts5zrf3gWGhzWIcCKgim/nA ReuYnNWkeCIk4yH5QIpCt8McaPG3hLsFMU3X4y3ct6E/ZXnML6ALUrearOtss7mmzJot+jja XsGmL4T90ni2SvWoeQG5BgZ/+rfmq/l3C6bbLBLX34+yMKUFOpck3HAVMWUlY91b2DSGGWw5 6iAoAsG6w4UFjnaOfWdrtBg8VKQY5hVpRmS4SoSOWoMnf+et+h0fgXTSVWCA6eiU3MKR0heP A4kfXn/Md5a+pNJVI1I71DgIjds16srTGs6Hd7+WunA4r8gKwOkJjBJ7OCF3nc9qJrfSrQsa wgSvnT6w+VK3j8+KMpOBIoRQKsbioYY1fEvNfzUrnJLc6gfJHiLbKbT3gfIJh6BSaxWgI4I8 3aU1LsXi/XIfeAUtOOoNqc80QSESmsi5qtHh+yJOWvrW+SNnrWP+dUkuuqSw4jD1plIWJZ/n Yi+z+bXEpcHCeasFbC+M1nj7+r8zdHQXo4Rot5D9hhhqVQAkRJ71HnW+/vhCLPBWEE2+jDEP kiA92AoYPlCYpIbcPIYD8yO2t1rZdde+6Ume4VUGh2Mbvcnb3nkiEM7BTQRQiAcaARAA1nKS E2Za3UDDiXwVvkwIrb5G5aHoHhw5IVXrw8JVvjQ7bUQkwatgarua16QgCMOvsoFWXwdwE5Ix HzBiHnZZq8j6/W1h2PG4nFms092fLB0C1VeGPScgaDqZGBtWThzY9tTsuQgyHfYagkbxX2kA cocGVxzUYuL3Z1GNDMTUBqDKg5RRKr2Lml0GF4F7zbJBjkEFstehIcDutBm5mQ4BABdMTOLi BfIDIUTj+PN94gfgkCoORJrjgUChYqnt+oUXqOSU5Xz2N5SyY1Gst6o02lZT871pDVuXGBWo jHQKke+W+LqVVaNAbXVX3PqW+0D4EOABFgxiUTNqeBqR73fWNmn2c8gQr19CHuCaLrE55ZGn gR78aGK/JyCEKQQoqLKIP3f2ctcSiP6rQvs97q8uq9DIDfMGY3FXwNAwrMGt0NdXPnv6d1Qo amfz90W7BrBhHUnPq/Eh/vQa9lGTJpAmcVSHhbcPYwi3kq1/MdIMHxJayx5BYOzgWWrHKdDG 70LNhT9RAl9O79Es9PX9WXYDeUXP6JKA4sB9FrtcZ8TrfxGsSwo+9M2NN2raPlv+9wHholdd zheYXZDpEzm6EHKyZj+4UzUtA9b8mtwUDgUt/UT6SNe9zFlPhZYsaPU5ZqcVH27nbFYPqQtf SkT4ixsQreAZQqhI7nix51Z6bUAq0F0AEQEAAcLBfAQYAQoAJgIbDBYhBIGC3kFwVkCNYUZQ 0WdQ8QrojUrxBQJgRar4BQkiiabeAAoJEGdQ8QrojUrxskMP/2Xk8YIEt8JjZffk0HMAWjGd 4FBSsfUv/E5EUBOFu7F2CmcGsgHk9m7RPTf51UacHnct0jhd5o6qSGF6nHS+aFjuxBHp0fWY kqrrCgIMJzB0UkQfy4xAMU/Yr5BnNqale363pigZMqOr1p/xw2gMPe89VieBgC/h5gZ4gP8y 32nUxqX3zaeQg4qQrfTD8nkOzC4kNncRNU5i8paOxrKww9pyvg0uEaZlDZXD34iAVeXY7l+D PlW+u8fXaLhuPAVEiLLLi4lNM07tQKRjxVQlhIx5UKJZhI++snVXnrtvjEk8BNUYATTlVVFy 96ZLqiH3bsMpbvBQcN4/KlolF3IoRxgQ8m4/O30HFLLFTOkdP/yaUGirP7gYxz6LuNcXJNIN cjGG4agSwjJ/4OUtYDUNHBXReQN6IJfWzhKWtMZ2mE2Xix1i41xhUE+sDu6yJ6X8V+NW1j+0 MpUCUbOoC+aB9b4cdGZLr5sAQJEFpW+Gn0X0Aq4zbQQXxT99iNmfR9e8y8Fm0e81v+qUM3f2 +eDWbll9NZJBHJW5PjRBS5rY5UsVWCwxrGkWUtrGuUW20XznQXcWI4NEUzoxj+URRD6qCrHM BeaTDMa+9IAvk3/HPlmz/Or03KIPreUCV3XVdelk9BcdDLAEJu8db0vyQDr7EGn+6rjFfnq0 /KnfM3VBUDvL In-Reply-To: <af3gPk0SgDF6iFdG@pisco.westfalen.local> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit tags 1135997 upstream fixed 1135997 gdal/3.13.0~rc1+dfsg-1~exp1 thanks On 5/8/26 3:08 PM, Moritz Mühlenhoff wrote: > If you fix the vulnerabilities please also make sure to include the > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. Too late for that as gdal (3.13.0+dfsg-1~exp1) entered the archive before this issue was created, and RC1 which includes the fixed for these issues a few days ago. > Please adjust the affected versions in the BTS as needed. I suspect these will be no-dsa issues, so I'm doubtful about the use of that. Kind Regards, Bas -- PGP Key ID: 4096R/6750F10AE88D4AF1 Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1]