Hi Leo, On 2021-08-01 23:31, Leo Famulari wrote: > CVE-2021-3246 is "A heap buffer overflow vulnerability in msadpcm_decode_block > of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted > WAV file." > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3246 What's blocking this from being merged? (Perhaps it's also a chance to plug it into core-updates to avoid adding the variants?) Cheers, Bruno