bug#47510: cflow is vulnerable to CVE-2019-16165 and CVE-2019-16166

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47510: cflow is vulnerable to CVE-2019-16165 and CVE-2019-16166

From:	Maxim Cournoyer
Subject:	bug#47510: cflow is vulnerable to CVE-2019-16165 and CVE-2019-16166
Date:	Thu, 17 Mar 2022 22:35:12 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Hello!

Léo Le Bouter <lle-bout@zaclys.net> writes:

> I asked the maintainer to fix the issues because they were unfixed
> since a while, they have done so recently:
>
> https://git.savannah.gnu.org/cgit/cflow.git/commit/?id=b9a7cd5e9d4efb54141dd0d11c319bb97a4600c6
>
> They have not made a recently, also it seems they fixed other issues
> that could be security relevant in their commit log, not sure if we
> apply/backport patches or wait for release.

Our cflow package is now at 1.7, which includes the above commit and CVE
fixes.

Thank you,

Maxim

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47510: cflow is vulnerable to CVE-2019-16165 and CVE-2019-16166, Maxim Cournoyer <=

Prev by Date: bug#48131: build failure: 1.3.0rc1 on Debian i386 with guile-2.2
Next by Date: bug#47628: webkitgtk-2.32.0 fails to launch without /usr/bin
Previous by thread: bug#48131: build failure: 1.3.0rc1 on Debian i386 with guile-2.2
Next by thread: bug#47628: webkitgtk-2.32.0 fails to launch without /usr/bin
Index(es):
- Date
- Thread