From ${URL} : Upstream commit: <https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2> If compiled with effective source fortification, the vulnerability is just a crash and not exploitable for anything else, as a result of the compiler-emitted length check for memcpy inside the PEEK_BYTES macro. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
There is also another fix, an improper assert leading to a daemon crash: https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
net-misc/lldpd-0.9.1 is now in the tree, sorry about the delay on this
GLSA Vote: No