There are 3 open security issues in bullseye.
3 issues left for the package maintainer to handle:
- CVE-2022-0485:
(needs triaging)
A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.
- CVE-2023-5215:
(needs triaging)
A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly.
- CVE-2021-20286:
(needs triaging)
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service.
You can find information about how to handle these issues in the security team's documentation.