[Bug 1039012] VUL-0: CVE-2017-8929: yara: denial of service (use-after-free and application crash) via a crafted rule (sized_string_cmp func in libyara/sizedstr.c)

http://bugzilla.novell.com/show_bug.cgi?id=1039012 http://bugzilla.novell.com/show_bug.cgi?id=1039012#c3 Greg Freemyer changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |RESOLVED Resolution|--- |WONTFIX --- Comment #3 from Greg Freemyer --- Resolved in v3.6.1 available in security:forensics. Reason for won't fix: yara in 42.2 has python-yara as a subpackage provided in the main tarball by upstream. Upstream has pulled python-yara out of the main tarball and now provides it as separate project. I've split python-yara out of yara in security:forensics. That was easy to submit to factory and it is in 42.3. I don't believe it is an option to submit a new package to 42.2 at this point. -- You are receiving this mail because: You are on the CC list for the bug.