Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#52362 - [unrtf]security issue with stack-based buffer overflows in cmd_* functions (CVE-2016-10091)
Attached to Project:
Community Packages
Opened by Filip Frackiewicz (notreallyhere) - Wednesday, 04 January 2017, 01:28 GMT
Last edited by Jaroslav Lichtblau (Dragonlord) - Thursday, 05 January 2017, 20:39 GMT
Opened by Filip Frackiewicz (notreallyhere) - Wednesday, 04 January 2017, 01:28 GMT
Last edited by Jaroslav Lichtblau (Dragonlord) - Thursday, 05 January 2017, 20:39 GMT
|
DetailsThere is has been a security issue discovered in the untrf package:
Version 0.21.9 has a stack-based buffer overflow in unrtf, which affects three functions including: cmd_expand, cmd_emboss and cmd_engrave. Source: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849705 Upstream patch: http://hg.savannah.gnu.org/hgweb/unrtf/rev/3b16893a6406 |
This task depends upon
Closed by Jaroslav Lichtblau (Dragonlord)
Thursday, 05 January 2017, 20:39 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in unrtf-0.21.9-2
Thursday, 05 January 2017, 20:39 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in unrtf-0.21.9-2