Re: Question about CVE-2023-45929 fix
Hi,
On Thu, Apr 03, 2025 at 02:01:40PM -0700, Julia Kazakova wrote:
> Hello,
>
> Are you planning to address the following CVE in
> bullseye/bookworm/trixie? Do you have an ETA?
> https://security-tracker.debian.org/tracker/CVE-2023-45929
>
> Status: Not addressed by Debian 11.0 OR Debian 12
> Source Package: slang2 <https://security-tracker.debian.org/tracker/source-package/slang2> (PTS <https://tracker.debian.org/pkg/slang2>)
>
> Release       Version    Status
> bullseye      2.3.2-5    vulnerable
> bookworm      2.3.3-3    vulnerable
> sid, trixie   2.3.3-5    vulnerable
Please have a look at the notes in the security-tracker:
NOTE: Negligible security impact
and the unimportant marking. There is absolutely no urgency to have a
fix for that; as such, there is no ETA.
Please read as well
https://www.debian.org/security/faq#cve-severity-assessment
> Thank you,
> Julia Kazakova
>
> Staff Software Engineer, Quality Assurance (QA)
>
> Broadcom | Identity Management Security (IMS)
>
> 13711 International Place Suite 200 | Richmond, BC, Canada V6V 2Z8
>
> --
> This electronic communication and the information and any files transmitted
> with it, or attached to it, are confidential and are intended solely for
> the use of the individual or entity to whom it is addressed and may contain
> information that is confidential, legally privileged, protected by privacy
> laws, or otherwise restricted from disclosure to anyone else. If you are
> not the intended recipient or the person responsible for delivering the
> e-mail to the intended recipient, you are hereby notified that any use,
> copying, distributing, dissemination, forwarding, printing, or copying of
> this e-mail is strictly prohibited. If you received this e-mail in error,
> please return the e-mail to the sender, delete it from your computer, and
> destroy any printed copy of it.
You might want to remove this when sending emails to a public mailing
list in particular.
Regards,
Salvatore