Control: found -1 3.40.1-2+deb12u2 Hi Salvatore,
On Sun, Jun 14, 2026 at 7:57 AM Salvatore Bonaccorso <[email protected]> wrote: > Can you help assess them please, info on two CVEs below hich carry the > same fixes references in the database: I've checked and Bookworm is definitely affected. The fixes are easy to backport. Information I've found suggests that these might have a PoC available. As far as I know, there's no application in Debian that allows network connection and uses input directly with FTS5. But as the package is compiled with FTS5 support, local exploits might be possible. Does this help? Can I help with more details? Regards, Laszlo/GCS
