[Debian-iot-maintainers] Bug#1056936: bookworm-pu: package glewlwyd/2.7.5-3

Nicolas Mora nicolas at babelouest.org
Mon Nov 27 00:17:12 GMT 2023


Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org at packages.debian.org
Usertags: pu
X-Debbugs-Cc: glewlwyd at packages.debian.org
Control: affects -1 + src:glewlwyd

(Please provide enough information to help the release team
to judge the request efficiently. E.g. by filling in the
sections below.)

[ Reason ]
Fix possible buffer overflow in webauthn attestation (CVE-2023-49208)

[ Risks ]
If a crafted webauthn assertion is executed, could
result in denial of service or the execution of arbitrary code

[ Checklist ]
   [x] *all* changes are documented in the d/changelog
   [x] I reviewed all changes and I approve them
   [x] attach debdiff against the package in (old)stable
   [x] the issue is verified as fixed in unstable

[ Changes ]
The change checks the length of a parameter before copying it into a
fixed size array.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: glewlwyd_2.7.5-3-glewlwyd_2.7.5-3+deb12u1.diff
Type: text/x-patch
Size: 2526 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-iot-maintainers/attachments/20231126/cc1e5086/attachment.bin>


More information about the Debian-iot-maintainers mailing list