cflow is vulnerable to CVE-2019-16165 and CVE-2019-16166

Open
Submitted by Léo Le Bouter.
Details
One participant
  • Léo Le Bouter
Owner
unassigned
Severity
normal
Léo Le Bouter wrote on 31 Mar 03:50 +0200
(address . bug-guix@gnu.org)
ac7acbed2ed51a67ee4b791d692d5d0a3a9eb16f.camel@zaclys.net
I asked the maintainer to fix the issues because they were unfixed since a while, they have done so recently:
https://git.savannah.gnu.org/cgit/cflow.git/commit/?id=b9a7cd5e9d4efb54141dd0d11c319bb97a4600c6
They have not made a recently, also it seems they fixed other issues that could be security relevant in their commit log, not sure if we apply/backport patches or wait for release.

Léo Le Bouter wrote on 31 Mar 03:51 +0200
(address . control@debbugs.gnu.org)
fc92ea59a8bcafbb4626ffa8e5d24387323edb99.camel@zaclys.net
tags 47510 + security
quit


To comment on this conversation send email to 47510@debbugs.gnu.org