[Pkg-libvirt-maintainers] Bug#988024: hivex: CVE-2021-3504
Hilko Bengen
bengen at debian.org
Tue May 4 23:06:09 BST 2021
* Salvatore Bonaccorso:
> CVE-2021-3504[0]:
> | Buffer overflow when provided invalid node key length
>
> Making the severity RC as I think the fix needs to go into bullseye.
Right.
I contacted team at security.d.o a about the issue, including a proposed
hivex/1.3.18-1+deb10u1 for stable-security a few days ago, but I'm not
aware of getting an answer.
Preparing a request for pre-approval/unblocking of 1.3.20-1 for the
release team now.
Cheers,
-Hilko
More information about the Pkg-libvirt-maintainers
mailing list