- Package: src:libnfs
- Source: src:libnfs
- Submitter: Salvatore Bonaccorso
- Date: 2026-06-15 14:29:02 UTC
- Severity: normal
- Tags:
Hi,

The following vulnerability was published for libnfs.

CVE-2026-53689[0]:
| libnfs through 6.0.2 before 55c18ea does not validate a string size,
| leading to an integer overflow during a connection to a crafted NFS
| server. This occurs in libnfs_zdr_string in lib/libnfs-zdr.c.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-53689
    https://www.cve.org/CVERecord?id=CVE-2026-53689
[1] https://github.com/sahlberg/libnfs/commit/55c18ea33a83d667f79f0ef209c96895795c729f

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
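
An added illustration of the bug class named in the CVE description (not libnfs code and not the upstream fix): decoding an XDR string whose length word is supplied by the server, with bounds checks that cannot wrap. The names `xdr_cursor`, `xdr_get_u32`, `xdr_get_string` and the two sample buffers are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical decode cursor over a reply buffer received from the server. */
struct xdr_cursor {
    const uint8_t *buf;
    size_t size;  /* total bytes in buf */
    size_t pos;   /* read offset, invariant: pos <= size */
};

/* Constructed sample replies: a valid 5-byte string, and a length of 0xffffffff. */
static const uint8_t sample_ok[]   = {0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o', 0, 0, 0};
static const uint8_t sample_huge[] = {0xff, 0xff, 0xff, 0xff, 'A', 'A', 'A', 'A'};

/* Read a big-endian 32-bit word; 0 on success, -1 if fewer than 4 bytes remain. */
static int xdr_get_u32(struct xdr_cursor *c, uint32_t *out)
{
    if (c->size - c->pos < 4)
        return -1;
    const uint8_t *p = c->buf + c->pos;
    *out = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    c->pos += 4;
    return 0;
}

/* Decode an XDR string (length word, data, zero padding to 4 bytes).
 * Returns a malloc'd NUL-terminated copy, or NULL on malformed input. */
char *xdr_get_string(struct xdr_cursor *c, uint32_t maxsize)
{
    uint32_t len;
    if (xdr_get_u32(c, &len) != 0 || len > maxsize)
        return NULL;
    /* Compare against what is left; never compute pos + len or len + 1
     * in a narrow or signed type, which wraps for len near UINT32_MAX. */
    size_t remaining = c->size - c->pos;
    size_t pad = (4 - (len & 3)) & 3;
    if (len > remaining || pad > remaining - len)
        return NULL;
    char *s = malloc((size_t)len + 1);  /* len <= remaining, so no wrap */
    if (s == NULL)
        return NULL;
    memcpy(s, c->buf + c->pos, len);
    s[len] = '\0';
    c->pos += (size_t)len + pad;
    return s;
}
```
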

Hello Balint and Chrysostomos,

Since you have been doing all the recent uploads, and given I am not active on this package, could you please take over it as the maintainer?

You'll also want to attend to this CVE fix. I'm assuming you use libnfs and thus this CVE fix is important

Hi Ritesh & Everyone,

Ritesh Raj Sarraf <riteshsarraf@gmail.com> wrote (on Mon, 15 Jun 2026, 15:57):

I have removed myself a few years ago from Uploaders because I couldn’t dedicate enough time and that did not change much. :-(

Best Regards,
Balint

> You'll also want to attend to this CVE fix. I'm assuming you use libnfs and