+++ This bug was initially created as a clone of Bug #31673 +++ In Bug 30291, we fixed a CVE with a buggy patch from Debian. A fixed version of the patch has been posted here: https://www.openwall.com/lists/oss-security/2023/03/14/7 * Update * Some more fixes have been discussed in this thread: https://www.openwall.com/lists/oss-security/2023/03/31/2 It doesn't sound like the remaining issues are that serious, unless I'm misreading, but we should at least update the patch in Cauldron.