Hi, On Thu, Apr 03, 2025 at 02:01:40PM -0700, Julia Kazakova wrote: > Hello, > > Are you planning to address the following CVE in > bullseye/bookworm/trixie? Do you have an ETA? > https://security-tracker.debian.org/tracker/CVE-2023-45929 > > Status: Not addressed by Debian 11.0 OR Debian 12 > Source PackageReleaseVersionStatus > slang2 <https://security-tracker.debian.org/tracker/source-package/slang2> ( > PTS <https://tracker.debian.org/pkg/slang2>) bullseye 2.3.2-5 vulnerable > bookworm 2.3.3-3 vulnerable > sid, trixie 2.3.3-5 vulnerable
Please have a look at the notes in the security-tracker: NOTE: Negligible security impact and the unimportant marking. There is absolutely no urgency to have fix for that, as such there is no ETA. Please read as well https://www.debian.org/security/faq#cve-severity-assessment > Thank you, > Julia Kazakova > > Staff Software Engineer, Quality Assurance (QA) > > Broadcom | Identity Management Security (IMS) > > 13711 International Place Suite 200 | Richmond, BC, Canada V6V 2Z8 > > -- > This electronic communication and the information and any files transmitted > with it, or attached to it, are confidential and are intended solely for > the use of the individual or entity to whom it is addressed and may contain > information that is confidential, legally privileged, protected by privacy > laws, or otherwise restricted from disclosure to anyone else. If you are > not the intended recipient or the person responsible for delivering the > e-mail to the intended recipient, you are hereby notified that any use, > copying, distributing, dissemination, forwarding, printing, or copying of > this e-mail is strictly prohibited. If you received this e-mail in error, > please return the e-mail to the sender, delete it from your computer, and > destroy any printed copy of it. You might want to remove this when sending emails to a public mailing list in particular. Regards, Salvatore
