[continued from previous message]
<175632614275.243818.15413357477461321996.reportbug@eldamar.lan>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
X-Debian-User: carnil
Control: notfound -1 2.6.3-2
Hi Paride,
On Thu, Aug 28, 2025 at 09:43:36PM +0200, Salvatore Bonaccorso wrote:
> Hi Paride,
>
> On Thu, Aug 28, 2025 at 09:25:41PM +0200, Paride Legovini wrote:
> > On 2025-08-27 10:22 PM, Salvatore Bonaccorso wrote:
> > > Source: isc-kea
> > > Version: 2.6.3-2
> > >
> > > The following vulnerability was published for isc-kea.
> > >
> > > CVE-2025-40779[0]:
> > > | Kea crash upon interaction between specific client options and
> > > | subnet selection
> > >
> > >
> > > If you fix the vulnerability please also make sure to include the
> > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> > >
> > > For further information see:
> > >
> > > [0] https://security-tracker.debian.org/tracker/CVE-2025-40779
> > > https://www.cve.org/CVERecord?id=CVE-2025-40779
> > > [1] https://kb.isc.org/docs/cve-2025-40779
> > > [2] https://gitlab.isc.org/isc-projects/kea/-/commit/b25d7
8a81273e4099bf6c7f639ed774de2f3d08
> >
> > Hi Salvatore,
> >
> > From the CVE itself, looks like version 2.6.3-2 is not affected by the
> > vulnerability. There is an older version in oldstable, which again
> > according to the CVE is "likely unaffected".
> >
> > Do you think we should mark the oldstable version affected by this bug?
>
> I might have confused something with the report, let me double-check I
> think I missed where the issue got introduced. Will update the bug
> shortly if it turns to be right and close it.
You are right, I have updated the security-tracker as with
https://salsa.debian.org/security-tracker-team/security-tracker/
/commit/cf971cd772706798f7fb8875d8b4299bfbc43710
Regards,
Salvatore
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
