Re: libcaca vulnerable to CVE-2021-3410

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: libcaca vulnerable to CVE-2021-3410

From:	Léo Le Bouter
Subject:	Re: libcaca vulnerable to CVE-2021-3410
Date:	Tue, 09 Mar 2021 07:19:52 +0100
User-agent:	Evolution 3.34.2

On Wed, 2021-03-03 at 21:48 +0100, Léo Le Bouter wrote:
> CVE-2021-3410 24.02.21 00:15
> A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in
> caca_resize function in libcaca/caca/canvas.c may lead to local
> execution of arbitrary code in the user context.
> 
> libcaca has not made a release yet, so you need to look upstream and
> cherry-pick the commits.
> 
> See https://github.com/cacalabs/libcaca/issues/52

Fixed at fe830ffd8d761cee27edd069e3d99c1ab891cbf3 by Efraim Flashner <
efraim@flashner.co.il>

Thanks

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

libcaca vulnerable to CVE-2021-3410, Léo Le Bouter, 2021/03/03
- Re: libcaca vulnerable to CVE-2021-3410, Léo Le Bouter <=

Prev by Date: Re: Opposition to new single-letter package name "t"
Next by Date: Re: guix environment --profile with --ad-hoc
Previous by thread: libcaca vulnerable to CVE-2021-3410
Next by thread: mupdf vulnerable to CVE-2021-3407
Index(es):
- Date
- Thread