On Thu, 7 Jul 2022 17:55:11 +0200 Moritz Mühlenhoff <j...@inutil.org> wrote:
> Source: squirrel3
> X-Debbugs-CC: t...@security.debian.org
> Severity: grave
> Tags: security
>
> Hi,
>
> The following vulnerability was published for squirrel3.
>
> CVE-2022-30292[0]:
> | Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to
> | lack of a certain sq_reservestack call.
>
> https://github.com/albertodemichelis/squirrel/commit/a6413aa690e0bdfef648c68693349a7b878fe60d
> https://github.com/sprushed/CVE-2022-30292
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2022-30292
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30292
>
> Please adjust the affected versions in the BTS as needed.
>

I have prepared a fix; however this needs the FTBFS in #997441 addressed first.

Will attach a debdiff once that has happened.

best,

--
Matthias Geiger <werdahias>
Debian Maintainer
