Hello Balint and Chrysostomos,

Since you have been doing all the recent uploads, and given I am not active
on this package, could you please take it over as the maintainer?
You'll also want to attend to this CVE fix. I'm assuming you use libnfs and
thus this CVE fix is important.

On Fri, Jun 12, 2026 at 10:01 AM Salvatore Bonaccorso <[email protected]>
wrote:

> Source: libnfs
> Version: 5.0.2-1
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: [email protected], Debian Security Team <
> [email protected]>
>
> Hi,
>
> The following vulnerability was published for libnfs.
>
> CVE-2026-53689[0]:
> | libnfs through 6.0.2 before 55c18ea does not validate a string size,
> | leading to an integer overflow during a connection to a crafted NFS
> | server. This occurs in libnfs_zdr_string in lib/libnfs-zdr.c.
>
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2026-53689
>     https://www.cve.org/CVERecord?id=CVE-2026-53689
> [1]
> https://github.com/sahlberg/libnfs/commit/55c18ea33a83d667f79f0ef209c96895795c729f
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
>


-- 
Ritesh Raj Sarraf
RESEARCHUT -- http://www.researchut.com
"Necessity is the mother of invention"
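
An added illustration of the bug class named in the quoted CVE text, not code from this message, from libnfs, or from the upstream commit: an XDR string decoder that checks the wire-supplied length against the bytes actually received before doing any arithmetic on it. The names `xdr_buf`, `xdr_get_string` and `xdr_try` and the sample messages are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical read cursor over a received reply (not a libnfs type). */
struct xdr_buf { const uint8_t *data; size_t len, pos; };

/* Decode one XDR string (RFC 4506: 4-byte big-endian length, the bytes,
 * zero padding to a multiple of 4). Returns a malloc'd NUL-terminated
 * copy, or NULL when the length field is not backed by buffer data. */
char *xdr_get_string(struct xdr_buf *b, uint32_t max_len)
{
    if (b->pos > b->len || b->len - b->pos < 4)
        return NULL;
    const uint8_t *p = b->data + b->pos;
    uint32_t n = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    size_t remaining = b->len - b->pos - 4;
    /* Validate before doing arithmetic on n: with n = 0xffffffff both
     * n + 1 (allocation size) and the round-up to 4 wrap in 32 bits. */
    if (n > max_len || n > remaining)
        return NULL;
    size_t padded = ((size_t)n + 3) & ~(size_t)3; /* safe: n <= remaining */
    if (padded > remaining)
        return NULL;                              /* padding is missing */
    char *s = malloc((size_t)n + 1);
    if (s == NULL)
        return NULL;
    memcpy(s, p + 4, n);
    s[n] = '\0';
    b->pos += 4 + padded;
    return s;
}

/* Constructed sample messages, not captured traffic. */
static const uint8_t msg_good[]  = {0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o', 0, 0, 0};
static const uint8_t msg_wrap[]  = {0xff, 0xff, 0xff, 0xff, 'A', 'A', 'A', 'A'};
static const uint8_t msg_nopad[] = {0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o'};

/* Bytes consumed on success, -1 when the message is rejected. */
long xdr_try(const uint8_t *msg, size_t len, uint32_t max_len)
{
    struct xdr_buf b = { msg, len, 0 };
    char *s = xdr_get_string(&b, max_len);
    if (s == NULL) return -1;
    free(s);
    return (long)b.pos;
}
```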
