Package: lifelines Version: 3.0.61 (latest) Severity: important X-Debbugs-Cc: mariamarutun...@gmail.com
Dear Maintainer, A vulnerability identified as CVE-2018-21027 was discovered and fixed in Boa project with the following commit: https://github.com/gpg/boa/pull/1/commits/e139b87835994d007fbd64eead6c1455d7b8cf4e. Which amended the "scandir" function located in extras/scandir.c file. Lifeline project contains an identical "scandir" function in the src/arch/scandir.c file, which has not been fixed. Is is not fixed in version 3.0.62 either. -- System Information: Debian Release: trixie/sid APT prefers noble-updates APT policy: (500, 'noble-updates'), (500, 'noble-security'), (500, 'noble'), (500, 'bionic'), (100, 'noble-backports') Architecture: amd64 (x86_64) Kernel: Linux 6.8.0-45-generic (SMP w/20 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages lifelines depends on: ii libc6 2.39-0ubuntu8.3 ii libncursesw5 6.1-1ubuntu1 ii libncursesw6 6.4+20240113-1ubuntu2 ii libtinfo5 6.1-1ubuntu1 ii libtinfo6 6.4+20240113-1ubuntu2 lifelines recommends no packages. lifelines suggests no packages.