Bug#1118374: trixie-pu: package libsmb2/6.2+dfsg-2+deb13u1

To: Matheus Polkorny <mpolkorny@gmail.com>, 1118374@bugs.debian.org
Subject: Bug#1118374: trixie-pu: package libsmb2/6.2+dfsg-2+deb13u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 01 Nov 2025 10:05:30 +0000
Message-id: <[🔎] 96fe94892457a2690e0c4984128fdfaef3a5c3d4.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1118374@bugs.debian.org
In-reply-to: <gk3cd4bs3knehnskx5qtjrfa3sf36mjrx5dc4ag2gk76u2xai7@vd2m4ajehqpl>
References: <gk3cd4bs3knehnskx5qtjrfa3sf36mjrx5dc4ag2gk76u2xai7@vd2m4ajehqpl> <gk3cd4bs3knehnskx5qtjrfa3sf36mjrx5dc4ag2gk76u2xai7@vd2m4ajehqpl>

Control: tags -1 + confirmed

On Sat, 2025-10-18 at 16:27 -0300, Matheus Polkorny wrote:
> The reason is to fix CVE-2025-57632 [1], When processing SMB2 chained
> PDUs (NextCommand), libsmb2 repeatedly calls smb2_add_iovector() to
> append to a fixed-size iovec array without checking the upper bound
> of v->niov (SMB2_MAX_VECTORS=256).
> Bug: #1116446

Please go ahead.

Regards,

Adam

Reply to:

Prev by Date: NEW changes in stable-new
Next by Date: Processed: Re: Bug#1118374: trixie-pu: package libsmb2/6.2+dfsg-2+deb13u1
Previous by thread: NEW changes in stable-new
Next by thread: Processed: Re: Bug#1118374: trixie-pu: package libsmb2/6.2+dfsg-2+deb13u1
Index(es):
- Date
- Thread