Bug#1125060: llama.cpp: CVE-2026-21869

To: 1125060@bugs.debian.org, team@security.debian.org
Subject: Bug#1125060: llama.cpp: CVE-2026-21869
From: Christian Kastner <ckk@debian.org>
Date: Fri, 9 Jan 2026 12:43:20 +0100
Message-id: <[🔎] 274d8053-d120-4542-aeac-93b055427e7f@debian.org>
Reply-to: Christian Kastner <ckk@debian.org>, 1125060@bugs.debian.org
In-reply-to: <[🔎] aWANTEeo6BJa3g8r@pisco.westfalen.local>
References: <[🔎] aWANTEeo6BJa3g8r@pisco.westfalen.local> <[🔎] aWANTEeo6BJa3g8r@pisco.westfalen.local>

Hi,

On 2026-01-08 21:02, Moritz Mühlenhoff wrote:
> The following vulnerability was published for llama.cpp.
> 
> CVE-2026-21869[0]
> [...]

just wanted to confirm that I'm actively monitoring the situation, and
intend to prepare a fix in a timely manner, once it appears upstream.

FWIW, llama.cpp is neither in stable nor in testing, and also blocked
from migration as of right now.

Best,
Christian

Reply to:

References:
- Bug#1125060: llama.cpp: CVE-2026-21869
  - From: Moritz Mühlenhoff <jmm@inutil.org>

Prev by Date: Processing of pytorch_2.9.0+dfsg-1~exp2_source.changes
Next by Date: Bug#1125060: Forwarded upstream
Previous by thread: Bug#1125060: llama.cpp: CVE-2026-21869
Next by thread: Bug#1125060: Forwarded upstream
Index(es):
- Date
- Thread