[Bug 1201770] New: VUL-0: CVE-2014-9862: libostree: bundled bsdiff Improper checking of input allows arbitrary write on heap
http://bugzilla.opensuse.org/show_bug.cgi?id=1201770 Bug ID: 1201770 Summary: VUL-0: CVE-2014-9862: libostree: bundled bsdiff Improper checking of input allows arbitrary write on heap Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: gnome-bugs@suse.de Reporter: Andreas.Stieger@gmx.de QA Contact: security-team@suse.de Found By: --- Blocker: --- see bug 990660 / CVE-2014-9862 libostree has a bundled version of bsdiff from https://github.com/ostreedev/ostree/releases/tag/v2022.1
The git submodule for bsdiff has been updated to latest upstream revision, picking up additional bound-checks and fixing CVE-2014-9862.
https://github.com/ostreedev/ostree/commit/97399c166dbf402c7948a96d770ce55dc... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1201770 http://bugzilla.opensuse.org/show_bug.cgi?id=1201770#c2 --- Comment #2 from Andreas Stieger <Andreas.Stieger@gmx.de> --- https://build.opensuse.org/request/show/990787 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1201770 http://bugzilla.opensuse.org/show_bug.cgi?id=1201770#c3 --- Comment #3 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> --- This is an autogenerated message for OBS integration: This bug (1201770) was mentioned in https://build.opensuse.org/request/show/992693 Factory / libostree -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com