Source: libass Version: 1:0.16.0-1 Severity: normal Hi, a buffer overread bug affecting 0.17.0 and 0.16.0 was discovered and we released a new bug-fix-only release 0.17.1 to address it. https://github.com/libass/libass/releases/tag/0.17.1 It appears as if no Debian distribution currently includes 0.16.0 (anymore), but 0.17.0 ofc is. I’m aware the Bookworm freeze started already and apologise for additional trouble this might cause. But given this upstream release itself is a small, targeted fix for 0.17.0 and it resolves a memory bug, I believe it is both suitable and advisable to include 0.17.1 in Bookworm. (Or bookworm-security if that’s more appropiate.) Not including the release commit itself, the difference to 0.17.0 are only two bugfix commits changing but a couple lines of code. One of those commits fixing the aforementioned memory bug, the other a configuration failure on GNU Hurd if ASM is not disabled (ref. #1027750). Cheers Oneric
Attachment:
signature.asc
Description: PGP signature