Source: cbor2 Version: 5.6.1-1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for cbor2. CVE-2024-26134[0]: | cbor2 provides encoding and decoding for the Concise Binary Object | Representation (CBOR) (RFC 8949) serialization format. Starting in | version 5.5.1 and prior to version 5.6.2, an attacker can crash a | service using cbor2 to parse a CBOR binary by sending a long enough | object. Version 5.6.2 contains a patch for this issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-26134 https://www.cve.org/CVERecord?id=CVE-2024-26134 [1] https://github.com/agronholm/cbor2/security/advisories/GHSA-375g-39jq-vq7m [2] https://github.com/agronholm/cbor2/commit/4de6991ba29bf2290d7b9d83525eda7d021873df Regards, Salvatore
