Change History (2)
comment:1 by , 4 years ago
Resolution: → fixed
Status: new → closed
comment:2 by , 4 years ago
Priority: normal → high
Security related changes:

CVE-2016-10228: An infinite loop has been fixed in the iconv program when invoked with the -c option and when processing invalid multi-byte input sequences. Reported by Jan Engelhardt.

CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack corruption when they were passed a pseudo-zero argument. Reported by Guido Vranken / ForAllSecure Mayhem.

CVE-2020-1752: A use-after-free vulnerability in the glob function when expanding ~user has been fixed.

CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and memmove functions has been fixed. Discovered by Jason Royes and Samual Dytrych of the Cisco Security Assessment and Penetration Team (See TALOS-2020-1019).

Only three of the issues affect us: CVE-2020-1752, CVE-2020-10029, and CVE-2016-10228.
Retroactively promoting to High so I can add errata.
fixed at revision 12011.