LTS report for October 2023

To: debian-lts@lists.debian.org
Subject: LTS report for October 2023
From: Helmut Grohne <helmut@subdivi.de>
Date: Thu, 2 Nov 2023 20:39:17 +0100
Message-id: <[🔎] 20231102193917.GA3965972@subdivi.de>
Mail-followup-to: Helmut Grohne <helmut@subdivi.de>, debian-lts@lists.debian.org

Hi,

I am funded by Freexian SARL and thus reporting about my work in October
2023.

I reviewed the patch for CVE-2023-44487 in h2o backported by Anton
Gladky regarding the ABI break in the shared library. Here, the
difficulty arises from the need to add runtime state to an exported
structure (which thus changes size) in order to mitigate the denial of
service condition when the structure in question is typically
user-allocated. Hence changing it would incur an out-of-bounds memory
access.

Helmut

Reply to:

Prev by Date: Debian LTS and ELTS - October 2023
Next by Date: (E)LTS report for October 2023
Previous by thread: Debian LTS and ELTS - October 2023
Next by thread: PostgreSQL security updates
Index(es):
- Date
- Thread