Bug#1041468: bookworm-pu: package hnswlib/0.6.2-2+deb12u1

To: Étienne Mollier <emollier@debian.org>, 1041468@bugs.debian.org
Subject: Bug#1041468: bookworm-pu: package hnswlib/0.6.2-2+deb12u1
From: Jonathan Wiltshire <jmw@debian.org>
Date: Sat, 22 Jul 2023 15:02:23 +0100
Message-id: <[🔎] ZLvhbw15oTJxmfLS@powdarrmonkey.net>
Reply-to: Jonathan Wiltshire <jmw@debian.org>, 1041468@bugs.debian.org
In-reply-to: <[🔎] ZLe1FHHtm4qGdWAX@fusion>
References: <[🔎] ZLe1FHHtm4qGdWAX@fusion> <[🔎] ZLe1FHHtm4qGdWAX@fusion>

Control: tag -1 confirmed

On Wed, Jul 19, 2023 at 12:04:04PM +0200, Étienne Mollier wrote:
> hnswlib is affected by CVE-2023-37365 marked no-dsa, documented
> through the important bug #1041426.  Quoting the CVE for short:
> hnswlib has a double free in init_index when the M argument is a
> large integer.

Please go ahead,

Thanks,


-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Reply to:

Follow-Ups:
- Bug#1041468: bookworm-pu: package hnswlib/0.6.2-2+deb12u1
  - From: Étienne Mollier <emollier@debian.org>

References:
- Bug#1041468: bookworm-pu: package hnswlib/0.6.2-2+deb12u1
  - From: Étienne Mollier <emollier@debian.org>

Prev by Date: Processed: Re: Bug#1041272: bookworm-pu: package transmission/3.00-2.1+deb12u1
Next by Date: Processed: Re: Bug#1041468: bookworm-pu: package hnswlib/0.6.2-2+deb12u1
Previous by thread: Processed: bookworm-pu: package hnswlib/0.6.2-2+deb12u1
Next by thread: Bug#1041468: bookworm-pu: package hnswlib/0.6.2-2+deb12u1
Index(es):
- Date
- Thread