Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#46474 - [libunwind] CVE-2015-3239, off-by-one in libunwind <= 1.1
Attached to Project:
Arch Linux
Opened by Remi Gacogne (rgacogne) - Tuesday, 29 September 2015, 14:08 GMT
Last edited by Sébastien Luttringer (seblu) - Wednesday, 30 September 2015, 19:59 GMT
Opened by Remi Gacogne (rgacogne) - Tuesday, 29 September 2015, 14:08 GMT
Last edited by Sébastien Luttringer (seblu) - Wednesday, 30 September 2015, 19:59 GMT
|
DetailsHello,
Using the ArchCVE[1] tool, I noticed that a vulnerability[2] in libunwind seem to have slipped through the cracks. It is not critical, but as a new version has still not been released, we might want to backport the small fix applied upstream[3] to fix this issue. [1]: https://github.com/jelly/ArchCVE [2]: https://bugzilla.redhat.com/show_bug.cgi?id=1232265 [3]: http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1 |
This task depends upon
Closed by Sébastien Luttringer (seblu)
Wednesday, 30 September 2015, 19:59 GMT
Reason for closing: Fixed
Additional comments about closing: libunwind-1.1-3-
Wednesday, 30 September 2015, 19:59 GMT
Reason for closing: Fixed
Additional comments about closing: libunwind-1.1-3-