Source: nilfs-tools
Version: 2.2.11-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/nilfs-dev/nilfs-utils/issues/26
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for nilfs-tools.

CVE-2026-55392[0]:
| NILFS utilities through 2.3.0, fixed in commit 26efb5d,
| nilfs_sb_is_valid() function fails to validate s_log_block_size
| field in NILFS2 superblock before bit-shift operations. Attackers
| supplying crafted NILFS2 images trigger undefined behavior through
| oversized shifts or out-of-memory conditions, crashing tools like
| nilfs-tune and dumpseg.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-55392
    https://www.cve.org/CVERecord?id=CVE-2026-55392
[1] https://github.com/nilfs-dev/nilfs-utils/issues/26

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
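
An added example, not part of the original report and not the code from commit 26efb5d: a range check on an s_log_block_size-style field done before the value is used as a shift count. The ex_* names, the 1 KiB base and the 64 KiB upper bound are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed for this sketch: block size = 1 << (field + 10), capped at 64 KiB. */
#define EX_BASE_SHIFT       10u
#define EX_MAX_LOG_BLKSIZE   6u

/* Decode a little-endian 32-bit on-disk field byte by byte. */
static uint32_t ex_le32(const unsigned char *p)
{
	return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
	       ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Return 0 and store the block size when the field is in range, -1 otherwise.
 * The comparison runs before the shift, so the shift count never reaches the
 * width of the type (undefined behavior in C) and the result can never become
 * an oversized allocation request.
 */
static int ex_block_size(const unsigned char *field, uint32_t *out)
{
	uint32_t log = ex_le32(field);

	if (log > EX_MAX_LOG_BLKSIZE)
		return -1;
	*out = (uint32_t)1 << (log + EX_BASE_SHIFT);
	return 0;
}

int main(void)
{
	/* Constructed field values, not taken from a real image. */
	static const unsigned char samples[][4] = {
		{0x02, 0, 0, 0}, {0x06, 0, 0, 0}, {0x07, 0, 0, 0},
		{0x16, 0, 0, 0}, {0xff, 0xff, 0xff, 0xff},
	};

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		uint32_t bs = 0;
		unsigned long raw = ex_le32(samples[i]);

		if (ex_block_size(samples[i], &bs) == 0)
			printf("field %lu: block size %lu\n", raw, (unsigned long)bs);
		else
			printf("field %lu: rejected\n", raw);
	}
	return 0;
}
```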

