Your message dated Sat, 16 May 2026 11:07:42 +0000
with message-id <[email protected]>
and subject line Released with 12.14
has caused the Debian Bug report #1126370,
regarding bookworm-pu: package libuev/2.4.0-1.1+deb12u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1126370: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126370
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: [email protected]
Usertags: pu
The attached debdiff for libuev fixes CVE-2022-48620. This CVE is marked
as no-dsa by the security team.
Nevertheless NVD evaluated a score of 9.8 for this CVE, which is
categorized as "critical".
The change is straightforward, so the risk should be low.
Thorsten
diff -Nru libuev-2.4.0/debian/changelog libuev-2.4.0/debian/changelog
--- libuev-2.4.0/debian/changelog 2022-01-24 21:05:09.000000000 +0100
+++ libuev-2.4.0/debian/changelog 2026-01-23 18:03:02.000000000 +0100
@@ -1,3 +1,12 @@
+libuev (2.4.0-1.1+deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload by the LTS Team.
+ * CVE-2022-48620
+ fix possible buffer overrun in uev_run()
+ (Closes: #1060692)
+
+ -- Thorsten Alteholz <[email protected]> Fri, 23 Jan 2026 18:03:02 +0100
+
libuev (2.4.0-1.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru libuev-2.4.0/debian/patches/CVE-2022-48620.patch
libuev-2.4.0/debian/patches/CVE-2022-48620.patch
--- libuev-2.4.0/debian/patches/CVE-2022-48620.patch 1970-01-01
01:00:00.000000000 +0100
+++ libuev-2.4.0/debian/patches/CVE-2022-48620.patch 2026-01-23
18:03:02.000000000 +0100
@@ -0,0 +1,64 @@
+From 2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9 Mon Sep 17 00:00:00 2001
+From: Joachim Wiberg <[email protected]>
+Date: Sat, 17 Dec 2022 15:02:21 +0100
+Subject: [PATCH] Fix #27: possible buffer overrun in uev_run()
+
+If uev_init1() is called with maxevents > 10 the call to epoll_wait()
+might cause buffer overflow. Reported by Steve Palmer.
+
+Signed-off-by: Joachim Wiberg <[email protected]>
+---
+ src/uev.c | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/src/uev.c b/src/uev.c
+index 10d025f..548866a 100644
+--- a/src/uev.c
++++ b/src/uev.c
+@@ -196,11 +196,11 @@ int uev_init(uev_ctx_t *ctx)
+ /**
+ * Create an event loop context
+ * @param ctx Pointer to an uev_ctx_t context to be initialized
+- * @param maxevents Maximum number of events in event cache
++ * @param maxevents Maximum number of events in event cache [1, 10]
+ *
+ * This function is the same as uev_init() except for the @p maxevents
+- * argument, which controls the number of events in the event cache
+- * returned to the main loop.
++ * argument, max ::UEV_MAX_EVENTS, which controls the number of events
++ * in the event cache returned to the main loop.
+ *
+ * In cases where you have multiple events pending in the cache and some
+ * event may cause later ones, already sent by the kernel to userspace,
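Review bot: the new @param line hardcodes the upper bound as the literal "[1, 10]" while the sentence below it refers to ::UEV_MAX_EVENTS; if the macro is ever changed the bracket goes stale. Suggest "@param maxevents Maximum number of events in event cache [1, ::UEV_MAX_EVENTS]" so the two stay in sync. The text also does not say what happens to a value above the limit (the code below reduces it silently rather than rejecting it); one sentence here would save callers from sizing their own logic on the value they passed.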
+@@ -222,6 +222,9 @@ int uev_init1(uev_ctx_t *ctx, int maxevents)
+ return -1;
+ }
+
++ if (maxevents > UEV_MAX_EVENTS)
++ maxevents = UEV_MAX_EVENTS;
++
+ memset(ctx, 0, sizeof(*ctx));
+ ctx->maxevents = maxevents;
+
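Review bot: the clamp silently accepts maxevents > UEV_MAX_EVENTS instead of rejecting it, which is inconsistent with the "return -1;" path a few lines above for other invalid input; a caller that asks for 32 gets a context that delivers at most UEV_MAX_EVENTS events per loop iteration with no indication. Consider "errno = EINVAL; return -1;" for out-of-range values, or document the clamping where uev_init1() is declared. Nothing in this hunk enforces the documented lower bound of 1 either; if the check above does not already reject maxevents < 1, a zero or negative value reaches epoll_wait(), which fails with EINVAL.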
+@@ -319,8 +322,12 @@ int uev_run(uev_ctx_t *ctx, int flags)
+
+ while (ctx->running && ctx->watchers) {
+ struct epoll_event ee[UEV_MAX_EVENTS];
++ int maxevents = ctx->maxevents;
+ int i, nfds, rerun = 0;
+
++ if (maxevents > UEV_MAX_EVENTS)
++ maxevents = UEV_MAX_EVENTS;
++
+ /* Handle special case: `application < file.txt` */
+ if (ctx->workaround) {
+ _UEV_FOREACH(w, ctx->watchers) {
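Review bot: this second clamp is the one that actually protects ee[UEV_MAX_EVENTS], since ctx->maxevents is a plain struct field that any code path bypassing uev_init1() could set, so keeping it is right as defense in depth; but it duplicates the logic in uev_init1() and is re-evaluated on every iteration of the while loop. Suggest a small static helper used in both places, or at least a comment stating why the run loop does not trust ctx->maxevents, so a later cleanup does not remove one of the two copies and reopen the overrun.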
+@@ -341,7 +348,7 @@ int uev_run(uev_ctx_t *ctx, int flags)
+ continue;
+ ctx->workaround = 0;
+
+- while ((nfds = epoll_wait(ctx->fd, ee, ctx->maxevents,
timeout)) < 0) {
++ while ((nfds = epoll_wait(ctx->fd, ee, maxevents, timeout)) <
0) {
+ if (!ctx->running)
+ break;
+
diff -Nru libuev-2.4.0/debian/patches/series libuev-2.4.0/debian/patches/series
--- libuev-2.4.0/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ libuev-2.4.0/debian/patches/series 2026-01-23 18:03:02.000000000 +0100
@@ -0,0 +1 @@
+CVE-2022-48620.patch
--- End Message ---
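The overrun described in the commit message above (epoll_wait() told it may fill ctx->maxevents entries while the stack array holds only UEV_MAX_EVENTS) reduced to a minimal model, as an added example that is not libuev's code and not part of the debdiff. The names demo_ctx, demo_init1, demo_wait_once, bounded_maxevents and demo_overfull_ready_set are this example's own; the value 10 for UEV_MAX_EVENTS is taken from the commit message; rejecting maxevents < 1 with EINVAL instead of clamping it is a design choice made here, not libuev's behaviour. Linux only (epoll, eventfd).

```c
/* Added example, not libuev's own code: a minimal model of the bug fixed by
 * CVE-2022-48620. The event cache is a fixed stack array of UEV_MAX_EVENTS
 * entries, but the unfixed run loop passed the caller-supplied
 * ctx->maxevents to epoll_wait(), so the kernel could write past the array.
 * All identifiers below are this example's own (assumption), except the
 * macro name UEV_MAX_EVENTS, whose value of 10 is taken from the commit
 * message. Linux only. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/epoll.h>
#include <sys/eventfd.h>

#define UEV_MAX_EVENTS 10

struct demo_ctx {
    int fd;         /* epoll instance */
    int maxevents;  /* bounded value stored at init time */
};

/* Number of entries epoll_wait() may write, or -1 (errno=EINVAL) if the
 * request is below the documented lower bound of 1. Values above
 * UEV_MAX_EVENTS are reduced, mirroring the libuev fix. */
int bounded_maxevents(int requested)
{
    if (requested < 1) {
        errno = EINVAL;
        return -1;
    }
    return requested > UEV_MAX_EVENTS ? UEV_MAX_EVENTS : requested;
}

int demo_init1(struct demo_ctx *ctx, int maxevents)
{
    int bounded = bounded_maxevents(maxevents);

    if (!ctx || bounded < 0) {
        errno = EINVAL;
        return -1;
    }
    memset(ctx, 0, sizeof(*ctx));
    ctx->fd = epoll_create1(EPOLL_CLOEXEC);
    if (ctx->fd < 0)
        return -1;
    ctx->maxevents = bounded;
    return 0;
}

/* One iteration of a run loop. ee[] is UEV_MAX_EVENTS long, so the third
 * argument to epoll_wait() must never exceed that, whatever ctx->maxevents
 * holds; re-bounding here is the defense in depth the libuev patch adds. */
int demo_wait_once(struct demo_ctx *ctx, int timeout)
{
    struct epoll_event ee[UEV_MAX_EVENTS];
    int maxevents = bounded_maxevents(ctx->maxevents);

    if (maxevents < 0)
        return -1;
    /* Unfixed code passed ctx->maxevents here: with 16 the kernel may fill
     * 16 entries of a 10-entry array. */
    return epoll_wait(ctx->fd, ee, maxevents, timeout);
}

/* Arm `nready` eventfds so all are readable at once, then wait with the
 * requested limit. Returns the nfds epoll_wait() reported, which is never
 * more than UEV_MAX_EVENTS even when more descriptors are ready. */
int demo_overfull_ready_set(int nready, int requested)
{
    struct demo_ctx ctx;
    int fds[64];
    int i, nfds;

    if (nready < 0 || nready > 64 || demo_init1(&ctx, requested) < 0)
        return -1;
    for (i = 0; i < nready; i++) {
        struct epoll_event ev;

        fds[i] = eventfd(1, EFD_CLOEXEC);   /* initial count 1: readable now */
        if (fds[i] < 0)
            return -1;
        memset(&ev, 0, sizeof(ev));
        ev.events = EPOLLIN;
        ev.data.fd = fds[i];
        if (epoll_ctl(ctx.fd, EPOLL_CTL_ADD, fds[i], &ev) < 0)
            return -1;
    }
    nfds = demo_wait_once(&ctx, 0);
    for (i = 0; i < nready; i++)
        close(fds[i]);
    close(ctx.fd);
    return nfds;
}

int main(void)
{
    printf("bounded_maxevents(32) = %d\n", bounded_maxevents(32));
    printf("16 ready, requested 16 -> nfds = %d\n",
           demo_overfull_ready_set(16, 16));
    return 0;
}
```

With 16 descriptors ready and a request of 16, the bounded call returns 10 and touches only the 10 entries that exist; the same scenario against the unfixed loop is what the commit message calls a possible buffer overrun. Rejecting maxevents < 1 rather than clamping it is a stricter choice than the Debian patch makes and is marked as such in the code.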
--- Begin Message ---
Package: release.debian.org
Version: 12.14
This update has been released as part of Debian 12.14.
--- End Message ---