[Bug 1201211] New: VUL-0: CVE-2022-230: chafa: Buffer Over-read
https://bugzilla.suse.com/show_bug.cgi?id=1201211

Bug ID: 1201211
Summary: VUL-0: CVE-2022-230: chafa: Buffer Over-read
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.4
Hardware: Other
URL: https://smash.suse.de/issue/336250/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: jubalh@iodoru.org
Reporter: cathy.hu@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

rh#2103678

Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3.

https://github.com/hpjansson/chafa/commit/56fabfa18a6880b4cb66047fa655792007...
https://huntr.dev/bounties/f6b9114b-671d-4948-b946-ffe5c9aeb816

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2103678
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2301
https://github.com/hpjansson/chafa/commit/56fabfa18a6880b4cb66047fa655792007...
https://huntr.dev/bounties/f6b9114b-671d-4948-b946-ffe5c9aeb816

--
You are receiving this mail because:
You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1201211
https://bugzilla.suse.com/show_bug.cgi?id=1201211#c1

--- Comment #1 from Hu <cathy.hu@suse.com> ---
Affected:
- openSUSE:Backports:SLE-15-SP3:Update/chafa 1.4.1
- openSUSE:Backports:SLE-15-SP4:Update/chafa 1.8.0

Not affected (already contains fixing commit):
- openSUSE:Factory/chafa 1.12.1

https://bugzilla.suse.com/show_bug.cgi?id=1201211

Maintenance Robot <maint-coord+maintenance_robot@suse.de> changed:

What     |Removed                      |Added
----------------------------------------------------------------------------
Priority |P5 - None                    |P3 - Medium

https://bugzilla.suse.com/show_bug.cgi?id=1201211
https://bugzilla.suse.com/show_bug.cgi?id=1201211#c2

Michael Vetter <mvetter@suse.com> changed:

What     |Removed                      |Added
----------------------------------------------------------------------------
Status   |NEW                          |IN_PROGRESS
CC       |                             |mvetter@suse.com
Assignee |jubalh@iodoru.org            |security-team@suse.de

--- Comment #2 from Michael Vetter <mvetter@suse.com> ---
openSUSE_Backports_SLE-15-SP3_Update SR#986823
openSUSE_Backports_SLE-15-SP4_Update SR#986827

https://bugzilla.suse.com/show_bug.cgi?id=1201211
https://bugzilla.suse.com/show_bug.cgi?id=1201211#c3

--- Comment #3 from Marcus Meissner <meissner@suse.com> ---
Can you resubmit with the correct CVE please? It is truncated in your current submits.

https://bugzilla.suse.com/show_bug.cgi?id=1201211

Marcus Meissner <meissner@suse.com> changed:

What     |Removed                      |Added
----------------------------------------------------------------------------
CC       |                             |meissner@suse.com
Summary  |VUL-0: CVE-2022-230: chafa:  |VUL-0: CVE-2022-2301:
         |Buffer Over-read             |chafa: Buffer Over-read

https://bugzilla.suse.com/show_bug.cgi?id=1201211
https://bugzilla.suse.com/show_bug.cgi?id=1201211#c6

--- Comment #6 from Michael Vetter <mvetter@suse.com> ---
(In reply to Marcus Meissner from comment #3)
> Can you resubmit with the correct CVE please? It is truncated in your current submits.

Sure:
SR#986874
SR#986875

https://bugzilla.suse.com/show_bug.cgi?id=1201211
https://bugzilla.suse.com/show_bug.cgi?id=1201211#c8

--- Comment #8 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-SU-2022:10044-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1201211
CVE References: CVE-2022-2301
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP3 (src): chafa-1.4.1-bp153.2.8.1

https://bugzilla.suse.com/show_bug.cgi?id=1201211
https://bugzilla.suse.com/show_bug.cgi?id=1201211#c9

--- Comment #9 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-SU-2022:10045-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1201211
CVE References: CVE-2022-2301
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP4 (src): chafa-1.8.0-bp154.3.8.1