Among the 5 debian patches
available in version 2.0.9-1 of the package,
we noticed the following issues:
5 patches
where the metadata indicates that the patch has not yet been forwarded
upstream. You should either forward the patch upstream or update the
metadata to document its real status.
1 issue left for the package maintainer to handle:
CVE-2023-39976:
(needs triaging)
log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered.