Re: Security fix in Protozero
There is no CVE or anything else, just the PR.
I checked Mapnik and it looks like it might be affected; I have already
notified the maintainer.
Jochen
On Wed, Jul 16, 2025 at 12:43:33PM +0200, Sebastiaan Couwenberg wrote:
> Date: Wed, 16 Jul 2025 12:43:33 +0200
> From: Sebastiaan Couwenberg <sebastic@xs4all.nl>
> To: Jochen Topf <jochen@remote.org>, debian-gis@lists.debian.org
> Subject: Re: Security fix in Protozero
>
> On 7/16/25 9:31 AM, Jochen Topf wrote:
> > Yesterday I released version 1.8.1 of protozero. It basically only
> > contains a security fix (buffer overrun). It would be good if we can get
> > this into Trixie.
>
> Is there a CVE or other reference?
>
> Neither the commit [0] nor the PR [1] mentioned these.
>
> [0] https://github.com/mapbox/protozero/commit/72802a4ffe7fbf2fba75f316da4531d2561f7eea
> [1] https://github.com/mapbox/protozero/pull/133
>
> > The way I am using protozero in my code (libosmium etc.) this bug can
> > not be triggered, but it might affect others.
>
> The other rdeps of protozero in Debian are mapnik & qtlocation-opensource-src.
>
> Kind Regards,
>
> Bas
>
> --
> GPG Key ID: 4096R/6750F10AE88D4AF1
> Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
--
Jochen Topf jochen@remote.org https://www.jochentopf.com/ +49-351-31778688