-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6271-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 14, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : gsasl CVE ID : not yet available It was discovered that missing input sanitising in the DIGEST-MD5 parser of the GNU SASL library could result in denial of service. For the oldstable distribution (bookworm), this problem has been fixed in version 2.2.0-1+deb12u1. For the stable distribution (trixie), this problem has been fixed in version 2.2.2-1.1+deb13u1. We recommend that you upgrade your gsasl packages. For the detailed security status of gsasl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gsasl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmoF3gwACgkQEMKTtsN8 TjZNcA/+M8SUrM+6GWUX101Asox+ywwP9XzeHAtJF929nDZ2TUiCftAOMheiQrlQ Qo/ABJ5W8e/HoAGL6Oywfm27KAPzN/1HbLL1IdJYkbm2s2gWUEef1hSwdH+0AXeU rA5j+gO/6JgqysDkXab05cDnzPpPCCCfL6+LysvtcDm0sQTkXUvno5NUEjX8AKrQ zAJ5mgpPOmmGBPrkOWyWEyrFyFjcJDzPmmd1mz2XrvHMz/YSPpiqSaEWKC3rVptV w6DY9lfGOCeQ10Cr9mJzD8VMIFRRCF4QdvxAPPncLKFkLLlOAGmys+qSUPQuwNqh +Q7UsPoSoVjShtinTsRtZP+jtMJy/9hVrGnG8Oq/kdNAtsZ868TTSwxw+JTyjVE4 9jXUBoGk0bBCYm6I62lkdS+CU3CdtFTz3/ySGShjXetlOMd2rJ7nJgAjw+Pf/vXb d00Qw5FUe6t63Q0R0qZw/UIR10Yl7Z2Us04+1CUcZAmOx5ePMCunvSg9f1mnOq68 FHPRn/TYGFZKWfx5s8UBga5zX/TNTqVbDLzX56vF/Z6vdal5kUw6/IpMRByQWC/S FUNNZu8v5arUe8HogLmrGTE4IUdIKjG83+11kgMiYxuA3WyTHM20Y9k1V/Ckh+ti gW9wK+I7A4nqxMlXLSlSQRjnq9SG4PUyhZlazJNIlgYelM6EtYw= =QNTN -----END PGP SIGNATURE-----

