Package: libgetdata8 Version: 0.10.0-10 Severity: important Dear Maintainer,
The current patch [1] for CVE-2021-20204 [2] breaks many (602 of 1638) regression tests (via "make check") and impacts basic library function. Downstream software is impacted (hence, Debian bug #992372 on KST.) For example: any dirfile with LINCOM fails to be recognized as a dirfile. Upstream has been notified of the CVE and will hopefully respond with their own patch. thanks, Graeme [1]: https://salsa.debian.org/science- team/libgetdata/-/commit/61275e4c051090ce11467207eb361a6d81c405d9 [2]: https://nvd.nist.gov/vuln/detail/CVE-2021-20204 -- System Information: Debian Release: 11.0 APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.9.0-2-amd64 (SMP w/4 CPU threads) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libgetdata8 depends on: ii libc6 2.31-11 ii libltdl7 2.4.6-15 libgetdata8 recommends no packages. libgetdata8 suggests no packages. -- no debconf information