Package: libtoxcore2 Version: 0.2.12-1+b1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Dear Maintainer, libtoxcore has CVE-2021-44847: https://blog.tox.chat/2021/12/stack-based-buffer-overflow-vulnerability-in-udp-packet-handling-in-toxcore-cve-2021-44847/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44847 Workaround is to disable UDP support in settings. -- System Information: Debian Release: bookworm/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.15.0-2-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=lt_LT.UTF-8, LC_CTYPE=lt_LT.UTF-8 (charmap=UTF-8), LANGUAGE=lt Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libtoxcore2 depends on: ii libc6 2.33-1 ii libopus0 1.3.1-0.1 ii libsodium23 1.0.18-1 ii libvpx7 1.11.0-2 libtoxcore2 recommends no packages. libtoxcore2 suggests no packages. -- no debconf information