Bug#1104054: CVE-2025-46421 tests backporting
Sean Whitton
spwhitton at spwhitton.name
Tue May 20 11:07:33 BST 2025
Hello,
On Mon 19 May 2025 at 11:14am +01, Sean Whitton wrote:
> I note that Ubuntu decided to go ahead and upload the fix without the
> tests. One other possibility is that we use (only) the reporter's
> exploit PoC to test this instead, but that's less good for LTS & ELTS
> because it's completely manual.
>
> If you don't have time to look at this soon then I'll see about getting
> the PoC to compile. Let me know. Thanks!
I was able to compile it but it doesn't reproduce the issue.
The PoC never sends any Authorization header.
I think I need somebody else's opinion on whether to proceed with the
fix without backporting the tests.
--
Sean Whitton
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 869 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20250520/b7b82e60/attachment.sig>
More information about the pkg-gnome-maintainers
mailing list