FS#70043 - [cgal] [Security] arbitrary code execution (Multiple CVE's)
Attached to Project:
Community Packages
Opened by Jonas Witschel (diabonas) - Wednesday, 17 March 2021, 12:20 GMT
Last edited by Bruno Pagani (ArchangeGabriel) - Tuesday, 15 March 2022, 23:42 GMT
Details
Summary
=======
The package cgal is vulnerable to arbitrary code execution via CVE-2020-35636, CVE-2020-35635, CVE-2020-35634, CVE-2020-35633, CVE-2020-35632, CVE-2020-35631, CVE-2020-35630, CVE-2020-35629, CVE-2020-35628, CVE-2020-28636, CVE-2020-28635, CVE-2020-28634, CVE-2020-28633, CVE-2020-28632, CVE-2020-28631, CVE-2020-28630, CVE-2020-28629, CVE-2020-28628, CVE-2020-28627, CVE-2020-28626, CVE-2020-28625, CVE-2020-28624, CVE-2020-28623, CVE-2020-28622, CVE-2020-28621, CVE-2020-28620, CVE-2020-28619, CVE-2020-28618, CVE-2020-28617, CVE-2020-28616, CVE-2020-28615, CVE-2020-28614, CVE-2020-28613, CVE-2020-28612, CVE-2020-28611, CVE-2020-28610, CVE-2020-28609, CVE-2020-28608, CVE-2020-28607, CVE-2020-28606, CVE-2020-28605, CVE-2020-28604, CVE-2020-28603, CVE-2020-28602 and CVE-2020-28601.

Guidance
========
Upgrading cgal to the latest version 5.2.1 (https://github.com/CGAL/cgal/releases/tag/v5.2.1) fixes the issues.

References
==========
https://security.archlinux.org/AVG-1643
https://github.com/CGAL/cgal/pull/5371
https://github.com/CGAL/cgal/commit/e1870c15224ddd5d79b1df5b8248e4c6813d7398
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Closed by Bruno Pagani (ArchangeGabriel)
Tuesday, 15 March 2022, 23:42 GMT
Reason for closing: Fixed
Additional comments about closing: Updated CGAL to 5.4.