Bug#1068818: sngrep: CVE-2024-3119 CVE-2024-3120
Moritz Muehlenhoff
jmm at inutil.org
Sun Apr 21 20:58:03 BST 2024
On Sun, Apr 21, 2024 at 07:35:43PM +0000, Victor Seva wrote:
> Hi,
>
>
> I've just uploaded sngrep 1.8.1-1 to sid and prepared 1.6.0-1+deb12u1 for bookworms-security [0].
>
> Attached debdiff file.
>
> Waiting for you reply,
> Victor
>
> [0] https://salsa.debian.org/pkg-voip-team/sngrep/-/tags/debian%2F1.6.0-1+deb12u1
Hi Victor,
diff looks fine, but I don't believe this really needs a DSA; it's rather obscure attack vector.
I think addressing this via the next Bookworm point release is perfectly fine, what do you think?
Procedure is outlined at
https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-case-uploads-to-the-stable-and-oldstable-distributions
Cheers,
Moritz
More information about the Pkg-voip-maintainers
mailing list