Bug#1041475: bullseye-pu: package hnswlib/0.4.0-3+deb11u1

To: Jonathan Wiltshire <jmw@debian.org>, 1041475@bugs.debian.org
Subject: Bug#1041475: bullseye-pu: package hnswlib/0.4.0-3+deb11u1
From: Étienne Mollier <emollier@debian.org>
Date: Sun, 23 Jul 2023 17:03:30 +0200
Message-id: <ZL1BQjNTxi//7Hbo@fusion>
Reply-to: Étienne Mollier <emollier@debian.org>, 1041475@bugs.debian.org
In-reply-to: <ZL0k0YDQhbBh/STM@powdarrmonkey.net>
References: <[🔎] ZLfG45MN8a0AGQcc@fusion> <[🔎] ZLfG45MN8a0AGQcc@fusion> <ZL0k0YDQhbBh/STM@powdarrmonkey.net> <[🔎] ZLfG45MN8a0AGQcc@fusion>

Hi Jonathan,

Jonathan Wiltshire, on 2023-07-23:
> On Wed, Jul 19, 2023 at 01:20:03PM +0200, Étienne Mollier wrote:
> > hnswlib is affected by CVE-2023-37365 marked no-dsa, documented
> > through the important bug #1041426.  Quoting the CVE for short:
> > hnswlib has a double free in init_index when the M argument is a
> > large integer.
> 
> Please go ahead.

I went ahead and received feedback that the package is accepted
in oldstable-proposed-updates->oldstable-new.  Thanks!

Have a nice day,  :)
-- 
  .''`.  Étienne Mollier <emollier@debian.org>
 : :' :  gpg: 8f91 b227 c7d6 f2b1 948c  8236 793c f67e 8f0d 11da
 `. `'   sent from /dev/pts/2, please excuse my verbosity
   `-    on air: Liquid Tension Experiment - Acid rain

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Bug#1041475: bullseye-pu: package hnswlib/0.4.0-3+deb11u1
  - From: Étienne Mollier <emollier@debian.org>
- Bug#1041475: bullseye-pu: package hnswlib/0.4.0-3+deb11u1
  - From: Jonathan Wiltshire <jmw@debian.org>

Prev by Date: Bug#1041776: transition: libwebsockets
Next by Date: Bug#1036811: bullseye-pu: package ncurses/6.2+20201114-2+deb11u2
Previous by thread: Bug#1041475: bullseye-pu: package hnswlib/0.4.0-3+deb11u1
Next by thread: Processed: Re: Bug#1041475: bullseye-pu: package hnswlib/0.4.0-3+deb11u1
Index(es):
- Date
- Thread