Ubuntu has issued an advisory on June 14: https://ubuntu.com/security/notices/USN-6165-1
Status comment: (none) => Patches available from upstream and Ubuntu
This version of the software was commited over 2y ago by Olav, who did version updates to 2.72.3. Since then tv has done a couple. Unsure to whom to assign this, so doing so globally; CC'ing these two packagers.
Assignee: bugsquad => pkg-bugsCC: (none) => olav, thierry.vignaud
IINM CVE-2023-32636 and CVE-2023-32643 were fixed when a fix for CVE-2023-24593 (bug 31805) was released. https://ubuntu.com/security/CVE-2023-24593
Indeed. These CVEs were regressions of the original fix for CVE-2023-24593, but the patch in Bug 31805 included the fixes for those regressions. *** This bug has been marked as a duplicate of bug 31805 ***
Status: NEW => RESOLVEDResolution: (none) => DUPLICATE