Hi Ritesh & Everyone, Ritesh Raj Sarraf <[email protected]> (időpont: 2026. jún. 15., H, 15:57) ezt írta:
> Hello Balint and Chrysostomos, > > Since you have been doing all the recent uploads, and given I am not > active on this package, could you please take over it as the maintainer ? > I have removed myself a few years ago from Uploaders because I couldn’t dedicate enough time and that did not change much. :-( Best Regards, Balint You'll also want to attend to this CVE fix. I'm assuming you use libnfs and > thus this CVE fix is important > > On Fri, Jun 12, 2026 at 10:01 AM Salvatore Bonaccorso <[email protected]> > wrote: > >> Source: libnfs >> Version: 5.0.2-1 >> Severity: important >> Tags: security upstream >> X-Debbugs-Cc: [email protected], Debian Security Team < >> [email protected]> >> >> Hi, >> >> The following vulnerability was published for libnfs. >> >> CVE-2026-53689[0]: >> | libnfs through 6.0.2 before 55c18ea does not validate a string size, >> | leading to an integer overflow during a connection to a crafted NFS >> | server. This occurs in libnfs_zdr_string in lib/libnfs-zdr.c. >> >> >> If you fix the vulnerability please also make sure to include the >> CVE (Common Vulnerabilities & Exposures) id in your changelog entry. >> >> For further information see: >> >> [0] https://security-tracker.debian.org/tracker/CVE-2026-53689 >> https://www.cve.org/CVERecord?id=CVE-2026-53689 >> [1] >> https://github.com/sahlberg/libnfs/commit/55c18ea33a83d667f79f0ef209c96895795c729f >> >> Please adjust the affected versions in the BTS as needed. >> >> Regards, >> Salvatore > > >> > > -- > Ritesh Raj Sarraf > RESEARCHUT -- http://www.researchut.com > "Necessity is the mother of invention" >
