Hi Salvatore, On 2018-07-21 00:01, Salvatore Bonaccorso wrote: > Source: confuse > Version: 3.2.1+dfsg-1 > Severity: important > Tags: security upstream > Forwarded: https://github.com/martinh/libconfuse/issues/109 > > Hi, > > The following vulnerability was published for confuse, filling this > bug to track the upstream issue reporter. > > CVE-2018-14447[0]: > | trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds > | read. > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2018-14447 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14447 > [1] https://github.com/martinh/libconfuse/issues/109
Now that the fix is available upstream, I have just fixed the bug in sid. Do you want me to also prepare a package for stretch? Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net
signature.asc
Description: PGP signature
