Package: 0ad Version: 0.0.26-3 Severity: normal X-Debbugs-Cc: mariamarutun...@gmail.com
Dear Maintainer, The project mbedtsl which is used in 0ad project (path 0ad/build/premake/premake5/contrib/mbedtls) contains vulnerability (CVE-2019-16910, CVE-2017-14032). The vulnerability is fixed in newer version of mbedtls, but in 0ad project the old (0.0.23) version is used. -- System Information: Debian Release: bookworm/sid APT prefers jammy-updates APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 'jammy'), (100, 'jammy-backports') Architecture: amd64 (x86_64) Kernel: Linux 5.15.0-72-generic (SMP w/16 CPU threads) Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: unable to detect