Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#70520 - [libcaca] [security] multiple overflow vulnerabilities
Attached to Project:
Arch Linux
Opened by T.J. Townsend (blakkheim) - Tuesday, 20 April 2021, 18:05 GMT
Last edited by Antonio Rojas (arojas) - Sunday, 24 October 2021, 10:29 GMT
Opened by T.J. Townsend (blakkheim) - Tuesday, 20 April 2021, 18:05 GMT
Last edited by Antonio Rojas (arojas) - Sunday, 24 October 2021, 10:29 GMT
|
DetailsDescription:
Several security fixes have been posted to the libcaca issue tracker that include stack buffer overflows and heap buffer overflows. We may want to bring them into the Arch package as upstream is not super active. Additional info: https://github.com/cacalabs/libcaca/issues/53 https://github.com/cacalabs/libcaca/issues/54 https://github.com/cacalabs/libcaca/issues/55 https://github.com/cacalabs/libcaca/issues/56 |
This task depends upon
Comment by T.J. Townsend (blakkheim) -
Sunday, 23 May 2021, 16:59 GMT
Friendly ping.
Comment by Jan Alexander Steffens (heftig) -
Sunday, 23 May 2021, 18:51 GMT
There's a PR to fix 53 and 54 (https://github.com/cacalabs/libcaca/pull/57) but no fix for 55 and 56.
Comment by T.J. Townsend (blakkheim) -
Thursday, 21 October 2021, 21:53 GMT
This can be closed now.