On Sat, May 09, 2026 at 08:54:22PM +0300, Adrian Bunk wrote: > Package: release.debian.org > Severity: normal > Tags: trixie > X-Debbugs-Cc: [email protected], [email protected] > Control: affects -1 + src:musl > User: [email protected] > Usertags: pu > > * CVE-2026-6042: Algorithmic complexity DoS in iconv GB18030 decoder > * CVE-2026-40200: Stack corruption in qsort > * (Closes: #1133372) > > Due to static linking binNMUs of mksh and supermin > are needed afterwards.
The binNMUs are missing, could they still be done? cu Adrian
