Hello Arturo, On Fri, Mar 28, 2025 at 03:10:25PM +0100, Arturo Borrero Gonzalez wrote: > Hello, [...] > I worked on the libmodbus package for Debian Jessie. > > In particular, I’ve worked in backporting a fix for CVE-2024-10918, which > consists of 3 different upstream patches. Most of the heavy work has been > completed [3]. I also had conversations with the upstream developer, to see > if they would be interested in collaborating to get this fixed, but they are > not available at the moment. > > An additional round of review & testing should be good to have before > uploading. I don’t plan to keep working on this package in the next month. > Other people should take care of the remaining steps to fix this CVE in the > ELTS releases.
I'm happy to pick this up. Please unclaim libmodbus in ela-needed.txt or simply ack that it's ok if I hijack it from you there. > > regards. > > [1] https://www.freexian.com/lts/ > [2] https://www.freexian.com/lts/debian/#sponsors > [3] > https://salsa.debian.org/lts-team/packages/libmodbus/-/blob/debian/jessie-security/debian/patches/CVE-2024-10918.patch > > Regards, Andreas Henriksson
