Package: release.debian.org Severity: normal Tags: bookworm User: [email protected] Usertags: pu X-Debbugs-Cc: [email protected], [email protected] Control: affects -1 + src:nsis
Please update nsis 3.08-3 to 3.09. [ Reason ] Generated installers contain invalid relocation information, see Bug#1050288. This is a regression introduced by a changed behavior of the MinGW-w64 toolchain. nsis 3.06.1-1 on bullseye is not affected because an older version of the toolchain is used. nsis-3.09-1 on trixie is not affected because NSIS upstream addressed this problem in release 3.09. This update also fixes security vulnerability CVE-2023-37378, see Bug#1040880. [ Impact ] Large installers may work on Windows, but small installers do not. Even if an installer works, warning messages from security scanners may be triggered because the file is considered corrupt. [ Tests ] Create a small installer with makensis. The problem is fixed if 'objdump -p' does no longer complain "BFD: error: FILE.exe(.reloc) is too large" and the size of the '.reloc' section is 0. See Bug#1050288 for details. [ Risks ] NSIS 3.09 is the official upstream release proven to work for some time now.
