* Salvatore Bonaccorso <car...@debian.org> [2017-09-24 17:57]:
> the following vulnerability was published for ledger.
>
> CVE-2017-2808[0]:
> | An exploitable use-after-free vulnerability exists in the account

This has been fixed upstream:
https://github.com/ledger/ledger/commit/f3bad93db256db07b6cb831d4d24f47543f57e4a

We're also working on releasing 3.1.2 with fixes for all 4 CVE items.

I consider this (and all the other CVE issues filed against ledger) low impact. Salvatore/David, do you want to make a release for stable?

Salvatore, can you tell me how to inform CVE/Mitre once 3.1.2 is out that these CVEs have been addressed?

-- 
Martin Michlmayr
https://www.cyrius.com/