[Debian-iot-maintainers] Bug#1056936: bookworm-pu: package glewlwyd/2.7.5-3
Nicolas Mora
nicolas at babelouest.org
Mon Nov 27 00:17:12 GMT 2023
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org at packages.debian.org
Usertags: pu
X-Debbugs-Cc: glewlwyd at packages.debian.org
Control: affects -1 + src:glewlwyd
(Please provide enough information to help the release team
to judge the request efficiently. E.g. by filling in the
sections below.)
[ Reason ]
Fix possible buffer overflow in webauthn attestation (CVE-2023-49208)
[ Risks ]
If a crafted webauthn assertion is executed, could
result in denial of service or the execution of arbitrary code
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
The change checks the length of a parameter before copying it into a
fixed size array.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: glewlwyd_2.7.5-3-glewlwyd_2.7.5-3+deb12u1.diff
Type: text/x-patch
Size: 2526 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-iot-maintainers/attachments/20231126/cc1e5086/attachment.bin>
More information about the Debian-iot-maintainers
mailing list