Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#57642 - [leptonica] Multiple unaddressed CVEs
Attached to Project:
Community Packages
Opened by Karol Babioch (kbabioch) - Monday, 26 February 2018, 08:47 GMT
Last edited by Jelle van der Waa (jelly) - Sunday, 22 July 2018, 13:39 GMT
Opened by Karol Babioch (kbabioch) - Monday, 26 February 2018, 08:47 GMT
Last edited by Jelle van der Waa (jelly) - Sunday, 22 July 2018, 13:39 GMT
|
DetailsShould be added to the tracker:
- CVE-2018-7442 (currently unfixed) - CVE-2018-7441 (currently unfixed) - CVE-2018-7440 (unfixed in released version, "fix" available: https://github.com/DanBloomberg/leptonica/pull/313) - CVE-2018-7247 fixed in 1.75.3 - CVE-2018-7186 fixed in 1.75.3 - CVE-2018-3836 "fixed" in 1.75.3 - CVE-2017-18196: probably fixed in 1.74? |
This task depends upon
Closed by Jelle van der Waa (jelly)
Sunday, 22 July 2018, 13:39 GMT
Reason for closing: Fixed
Additional comments about closing: All resolved in 1.76
Sunday, 22 July 2018, 13:39 GMT
Reason for closing: Fixed
Additional comments about closing: All resolved in 1.76