Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: suricata@packages.debian.org, satta@debian.org, dev@andreas-dolp.de
Control: affects -1 + src:suricata
User: release.debian.org@packages.debian.org
Usertags: pu

Dear stable release managers,

I'd like to hand in a security patch for suricata 7.0.10 in Debian trixie. In accordance with the security team, the CVE will not warrant a DSA and should be included in the next point release.

[ Reason ]
Security fix for CVE-2025-53538 [2]
Closes: #1109806
Upstream ticket: [3]

[ Impact ]
Users may be vulnerable to uncontrolled memory usage, leading to loss of visibility or having to disable HTTP parsing. [1] [2]
Both options can be considered unsuitable for an IDS use case.

[ Tests ]
The package build works correctly for me and I can start the Suricata program without issues, but I did not test that the CVE is actually fixed, as I don't know how to and have no samples.

[ Risks ]
The program could crash if the fix contained errors.

[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable

[ Changes ]
Applied patch containing upstream commit 97eee2ca. [4]

[ Other info ]
[1] https://github.com/OISF/suricata/security/advisories/GHSA-qrr7-crgj-cmh3
[2] https://security-tracker.debian.org/tracker/CVE-2025-53538
[3] https://redmine.openinfosecfoundation.org/issues/7659
[4] https://github.com/OISF/suricata/commit/97eee2ca.patch
File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)
------------------------------------------------
Version: [-1:7.0.10-1-] {+1:7.0.10-1+deb13u1+}
Attachment:
0001-Fix-CVE-2025-53538-in-7.0.10-for-trixie-security.patch
Description: application/mbox