Bug#1053474: snappy-java: CVE-2023-43642
tony mancill
tmancill at debian.org
Thu Oct 5 18:31:30 BST 2023
On Wed, Oct 04, 2023 at 09:41:10PM +0200, Salvatore Bonaccorso wrote:
> Source: snappy-java
> Version: 1.1.8.3-1
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
>
> The following vulnerability was published for snappy-java.
>
> CVE-2023-43642[0]:
>
> ...(SNIP)...
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2023-43642
> https://www.cve.org/CVERecord?id=CVE-2023-43642
> [1] https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5
> [2] https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv
The latest upstream version 1.1.10.5 has been uploaded to unstable.
I will look into what is required to apply the patch referenced above
against 1.1.8.3 for bookworm and bullseye.