Debian alert DLA-4343-1 (raptor2)
| From: | Thorsten Alteholz <debian@alteholz.de> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 4343-1] raptor2 security update | |
| Date: | Wed, 22 Oct 2025 17:00:08 +0000 | |
| Message-ID: | <3b8c4821-5526-ba23-8bd0-3b7f41d691@alteholz.de> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4343-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Thorsten Alteholz October 22, 2025 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : raptor2 Version : 2.0.14-1.2+deb11u1 CVE ID : CVE-2024-57822 CVE-2024-57823 Two issues have been found in raptor2, an RDF parser and serializer utilities. One issue is related to a heap-based buffer over-read when parsing triples. The other issue is related to an integer underflow when normalizing an URI. For Debian 11 bullseye, these problems have been fixed in version 2.0.14-1.2+deb11u1. We recommend that you upgrade your raptor2 packages. For the detailed security status of raptor2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/raptor2 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmj5DZhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEfieA/8Ccv3WtIQxGPaBaDO7TwlRDa+bFmCpe3fj+jboPo3zQ64YtF6JwU8CdtM kYdl0mznKR2Nhq/SbQe9EWikf228aoyIb7FtmnyBVP1ZYQqTYwxsja/MVFLWUn+a diukZwl7PvJI+dFWT2Jc+dvqeNAQHGjJnec+/i7vNj2yEGvfDfcS0N33DdStZCmu VvZ78N78DmXMYB5Rm5aAa3QAyfOKH4UMqKkGGCyY7AnkeFHujhg6cUN3Hob1KoqL EQTfYFvrfE6OaJR/KsgVMKcvPpmfDGSV/c8xQ0aiKXtvs8D21XOfOwHTXXBI9hca c+5YhKc5B3y8+i1roDtQsjdj57oTd9fKsQ6n+GqgGBl437mloEaZFe9inMEfp5H/ 800YrljntaWm/nfSZl0N3fXy1ZFids/QQAAcCY1IaGap/O/Uu9qETV7fzMguyOw1 sUNlEyDjN0N6Pm+T/rJdzpXx1WTqZqCAGIk2Ld3dQnS4GZxQBelReaHOcB92Hcdg OGiwNztZ5hmRMI5+pS9nEVST/JVYLwQP7amftoSKOI8+AJ3JVfZBgdAozy1aDZoh sRgAUA0j4EOV+KOMsl9ON+oDIIklUz7J1Q7WfOG9yxXmby1nRzKSUh7i+Z8ZEfVO qkq85C1iUjObVdENnuQpeABVZZdVsFIhHvbNZoeRhMqhkjOOICo= =P0CD -----END PGP SIGNATURE-----