Does Trisquel use/backport the CVE-2022-35978 Minetest patch?
https://trisquel.info/en/forum/does-trisquel-usebackport-cve-2022-35978-minetest-patch has a post about this question, and maybe how to backport a patch.
It partly shows
dpkg-source: info: extracting minetest in minetest-5.4.1+repack
dpkg-source: info: unpacking minetest_5.4.1+repack.orig.tar.gz
dpkg-source: info: unpacking minetest_5.4.1+repack-2build1.debian.tar.xz
dpkg-source: info: using patch list from debian/patches/series
dpkg-source: info: applying kfreebsd-gettext.patch
dpkg-source: info: applying shared_mods.patch
dpkg-source: info: applying rawlua.patch
dpkg-source: info: applying postgresql.patch
dpkg-source: info: applying fix_typos.patch
dpkg-source: info: applying gcc_11.patch
Though just pulling code or binaries from upstream may introduce a vulnerability into Trisquel.
https://trisquel.info/en/forum/glibc-vulnerability-newer-versions
shows in part.
For the first vulnerability (CVE-2023-6246), a significant security flaw has been identified in the GNU C Library’s __vsyslog_internal() function, affecting syslog() and vsyslog(). This heap-based buffer overflow vulnerability was inadvertently introduced in glibc 2.37 (August 2022) and subsequently backported to glibc 2.36 while addressing a different, less severe vulnerability (CVE-2022-39046). Major Linux distributions like Debian (versions 12 and 13), Ubuntu (23.04 and 23.10), and Fedora (37 to 39) are confirmed to be vulnerable. This flaw allows local privilege escalation, enabling an unprivileged user to gain full root access, as demonstrated in Fedora 38.
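
The dpkg-source output quoted above lists the patches a source package applies. As an added example (not part of the original post or of Trisquel's tooling), this Python sketch searches an unpacked Debian-style source tree for a CVE identifier in debian/changelog and in every patch named in debian/patches/series. The sample tree and the patch name CVE-2022-35978.patch are constructed for the demonstration; only the six patch names in PAGE_SERIES come from the post.

```python
import re
import tempfile
from pathlib import Path

# Patch names taken from the dpkg-source output quoted in the post.
PAGE_SERIES = ["kfreebsd-gettext.patch", "shared_mods.patch", "rawlua.patch",
               "postgresql.patch", "fix_typos.patch", "gcc_11.patch"]

def cve_references(src_tree, cve_id):
    """List places in an unpacked Debian source tree that mention cve_id."""
    debian = Path(src_tree) / "debian"
    pat = re.compile(re.escape(cve_id), re.IGNORECASE)
    hits = []
    changelog = debian / "changelog"
    if changelog.is_file():
        lines = changelog.read_text(errors="replace").splitlines()
        hits += [f"changelog:{n}" for n, l in enumerate(lines, 1) if pat.search(l)]
    series = debian / "patches" / "series"
    if series.is_file():
        for entry in series.read_text(errors="replace").splitlines():
            entry = entry.split("#", 1)[0].strip()   # drop comments
            if not entry:
                continue
            name = entry.split()[0]                  # options may follow the name
            patch = debian / "patches" / name
            body = patch.read_text(errors="replace") if patch.is_file() else ""
            if pat.search(name) or pat.search(body):
                hits.append(f"patch:{name}")
    return hits

def build_sample_tree(root, extra_patches=()):
    """Create a CONSTRUCTED debian/ directory for the demo (not real package data)."""
    patches = Path(root) / "debian" / "patches"
    patches.mkdir(parents=True)
    names = PAGE_SERIES + list(extra_patches)
    (patches / "series").write_text("# constructed series\n" + "\n".join(names) + "\n")
    for name in names:
        (patches / name).write_text(f"Description: constructed placeholder for {name}\n")
    (Path(root) / "debian" / "changelog").write_text(
        "minetest (0-constructed) unstable; urgency=medium\n\n  * Constructed entry.\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        print(cve_references(build_sample_tree(a), "CVE-2022-35978"))
        print(cve_references(build_sample_tree(b, ["CVE-2022-35978.patch"]), "CVE-2022-35978"))
```

An empty result only means the identifier is not mentioned in the packaging metadata; a fix can also arrive through a newer upstream tarball or a patch that never names the CVE, so the upstream fix commit still has to be compared against the unpacked source.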