Bug#1068818: sngrep: CVE-2024-3119 CVE-2024-3120

Moritz Muehlenhoff jmm at inutil.org
Sun Apr 21 20:58:03 BST 2024


On Sun, Apr 21, 2024 at 07:35:43PM +0000, Victor Seva wrote:
> Hi,
> 
> 
> I've just uploaded sngrep 1.8.1-1 to sid and prepared 1.6.0-1+deb12u1 for bookworms-security [0].
> 
> Attached debdiff file.
> 
> Waiting for you reply,
> Victor
> 
> [0] https://salsa.debian.org/pkg-voip-team/sngrep/-/tags/debian%2F1.6.0-1+deb12u1

Hi Victor,
diff looks fine, but I don't believe this really needs a DSA; it's rather obscure attack vector.
I think addressing this via the next Bookworm point release is perfectly fine, what do you think?

Procedure is outlined at
https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-case-uploads-to-the-stable-and-oldstable-distributions

Cheers,
        Moritz



More information about the Pkg-voip-maintainers mailing list