Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: jose@packages.debian.org, debian.axhn@manchmal.in-ulm.de
Control: affects -1 + src:jose
User: release.debian.org@packages.debian.org
Usertags: pu
[ Reason ]
"Fix potential DoS issue with p2c header" [CVE-2023-50967]
[ Impact ]
Users become susceptible to a DoS attack.
[ Tests ]
Upstream enhanced the test suite accordingly; this is included
in this upload.
[ Risks ]
The fix is rather simple so there shouldn't be any risks.
[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable (13-1, uploaded 2024-04-04)
[ Changes ]
Just cherry-pick the fix from upstream. The DEP-3 header has all
the details.
[ Other info ]
Fix via SPU after coordination with the Debian security team.
Regards,
    Christoph
PS: Version numbers might be confusing. This is fixing jose 10 in
    Debian 11 - fixing jose 11 in Debian 12 will follow in a moment ...