Control: notfound -1 2.6.3-2

Hi Paride,

On Thu, Aug 28, 2025 at 09:43:36PM +0200, Salvatore Bonaccorso wrote:
> Hi Paride,
>
> On Thu, Aug 28, 2025 at 09:25:41PM +0200, Paride Legovini wrote:
> > On 2025-08-27 10:22 PM, Salvatore Bonaccorso wrote:
> > > Source: isc-kea
> > > Version: 2.6.3-2
> > >
> > > The following vulnerability was published for isc-kea.
> > >
> > > CVE-2025-40779[0]:
> > > | Kea crash upon interaction between specific client options and
> > > | subnet selection
> > >
> > >
> > > If you fix the vulnerability please also make sure to include the
> > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> > >
> > > For further information see:
> > >
> > > [0] https://security-tracker.debian.org/tracker/CVE-2025-40779
> > >     https://www.cve.org/CVERecord?id=CVE-2025-40779
> > > [1] https://kb.isc.org/docs/cve-2025-40779
> > > [2]
> > > https://gitlab.isc.org/isc-projects/kea/-/commit/b25d7e8a81273e4099bf6c7f639ed774de2f3d08
> >
> > Hi Salvatore,
> >
> > From the CVE itself, looks like version 2.6.3-2 is not affected by the
> > vulnerability. There is an older version in oldstable, which again
> > according to the CVE is "likely unaffected".
> >
> > Do you think we should mark the oldstable version affected by this bug?
>
> I might have confused something with the report, let me double-check I
> think I missed where the issue got introduced. Will update the bug
> shortly if it turns to be right and close it.

You are right, I have updated the security-tracker as with
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf971cd772706798f7fb8875d8b4299bfbc43710

Regards,
Salvatore

