unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* libcaca vulnerable to CVE-2021-3410
@ 2021-03-03 20:48 Léo Le Bouter
  2021-03-09  6:19 ` Léo Le Bouter
  0 siblings, 1 reply; 2+ messages in thread
From: Léo Le Bouter @ 2021-03-03 20:48 UTC (permalink / raw)
  To: guix-devel

[-- Attachment #1: Type: text/plain, Size: 366 bytes --]

CVE-2021-3410	24.02.21 00:15
A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in
caca_resize function in libcaca/caca/canvas.c may lead to local
execution of arbitrary code in the user context.

libcaca has not made a release yet, so you need to look upstream and
cherry-pick the commits.

See https://github.com/cacalabs/libcaca/issues/52

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: libcaca vulnerable to CVE-2021-3410
  2021-03-03 20:48 libcaca vulnerable to CVE-2021-3410 Léo Le Bouter
@ 2021-03-09  6:19 ` Léo Le Bouter
  0 siblings, 0 replies; 2+ messages in thread
From: Léo Le Bouter @ 2021-03-09  6:19 UTC (permalink / raw)
  To: guix-devel

[-- Attachment #1: Type: text/plain, Size: 550 bytes --]

On Wed, 2021-03-03 at 21:48 +0100, Léo Le Bouter wrote:
> CVE-2021-3410	24.02.21 00:15
> A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in
> caca_resize function in libcaca/caca/canvas.c may lead to local
> execution of arbitrary code in the user context.
> 
> libcaca has not made a release yet, so you need to look upstream and
> cherry-pick the commits.
> 
> See https://github.com/cacalabs/libcaca/issues/52

Fixed at fe830ffd8d761cee27edd069e3d99c1ab891cbf3 by Efraim Flashner <
efraim@flashner.co.il>

Thanks

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-03-09  6:21 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-03 20:48 libcaca vulnerable to CVE-2021-3410 Léo Le Bouter
2021-03-09  6:19 ` Léo Le Bouter

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).