Debian Bsdiff vulnerabilities
2 known vulnerabilities affecting debian/bsdiff.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2020-14315 | CRITICAL | CVSS 9.8 | fixed in bsdiff 4.3-22 (bookworm) | 2020
A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allow an attacker to bypass the sanity checks in place and write outside the boundaries of a dynamically allocated buffer.
Scope: local
bookworm: resolved (fixed in 4.3-22)
bullseye: resolved (fixed in 4.3-22)
debian
CVE-2014-9862 | HIGH | CVSS 7.8 | fixed in bsdiff 4.3-17 (bookworm) | 2014
Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.
Scope: local
bookworm: resolved (fixed in 4.3-17)
bullseye: resolved (fixed in 4.3-17)
forky: resolved (fixed in 4.3-17)
debian