Source: libnfs
Version: 5.0.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libnfs.

CVE-2026-53689[0]:
| libnfs through 6.0.2 before 55c18ea does not validate a string size,
| leading to an integer overflow during a connection to a crafted NFS
| server. This occurs in libnfs_zdr_string in lib/libnfs-zdr.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-53689
    https://www.cve.org/CVERecord?id=CVE-2026-53689
[1] https://github.com/sahlberg/libnfs/commit/55c18ea33a83d667f79f0ef209c96895795c729f

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
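
For readers triaging this class of bug, the following is an added example, not code from libnfs and not the fix in the referenced commit: a bounds-checked decoder for an XDR string (RFC 4506) that validates the server-supplied length before doing any arithmetic on it. The `struct cursor` type, the function name `decode_xdr_string` and the sample replies are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical decode cursor over a received reply; not libnfs's ZDR type. */
struct cursor { const uint8_t *buf; size_t size; size_t pos; };

/* Constructed sample replies: a valid "hello", and a length of 0xffffffff. */
static const uint8_t good_reply[] = {0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o', 0, 0, 0};
static const uint8_t evil_reply[] = {0xff, 0xff, 0xff, 0xff, 'A', 'A', 'A', 'A'};

/* Decode an XDR string: 4-byte big-endian length, the bytes, zero padding to
 * a multiple of 4. Returns a malloc'ed NUL-terminated copy, or NULL on
 * malformed input (the cursor is left unchanged in that case). */
char *decode_xdr_string(struct cursor *c, uint32_t maxsize)
{
    if (c->pos > c->size || c->size - c->pos < 4)
        return NULL;
    const uint8_t *p = c->buf + c->pos;
    uint32_t len = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                   ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    size_t remaining = c->size - c->pos - 4;

    /* Compare the untrusted length against what is left in the buffer.
     * "len > remaining" cannot wrap, unlike "pos + len > size". */
    if (len > maxsize || len > remaining)
        return NULL;
    /* Round up to the padded size in 64 bits: in 32-bit arithmetic a length
     * near UINT32_MAX would wrap to a small value here. */
    uint64_t padded = ((uint64_t)len + 3) & ~(uint64_t)3;
    if (padded > remaining)
        return NULL;

    char *s = malloc((size_t)len + 1); /* len <= remaining, so +1 is safe */
    if (s == NULL)
        return NULL;
    memcpy(s, p + 4, len);
    s[len] = '\0';
    c->pos += 4 + (size_t)padded;
    return s;
}

int main(void)
{
    struct cursor g = {good_reply, sizeof good_reply, 0};
    struct cursor e = {evil_reply, sizeof evil_reply, 0};
    char *s = decode_xdr_string(&g, 255);
    printf("good: %s, consumed %zu\n", s ? s : "(rejected)", g.pos);
    printf("evil: %s\n", decode_xdr_string(&e, UINT32_MAX) ? "accepted" : "rejected");
    free(s);
    return 0;
}
```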
