FS#70520 - [libcaca] [security] multiple overflow vulnerabilities

Attached to Project: Arch Linux
Opened by T.J. Townsend (blakkheim) - Tuesday, 20 April 2021, 18:05 GMT
Last edited by Antonio Rojas (arojas) - Sunday, 24 October 2021, 10:29 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Jan de Groot (JGC)
Jan Alexander Steffens (heftig)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


Several security fixes have been posted to the libcaca issue tracker that include stack buffer overflows and heap buffer overflows. We may want to bring them into the Arch package as upstream is not super active.

Additional info:
This task depends upon

Closed by  Antonio Rojas (arojas)
Sunday, 24 October 2021, 10:29 GMT
Reason for closing:  Fixed
Comment by T.J. Townsend (blakkheim) - Sunday, 23 May 2021, 16:59 GMT
Friendly ping.
Comment by Jan Alexander Steffens (heftig) - Sunday, 23 May 2021, 18:51 GMT
There's a PR to fix 53 and 54 (https://github.com/cacalabs/libcaca/pull/57) but no fix for 55 and 56.
Comment by T.J. Townsend (blakkheim) - Thursday, 21 October 2021, 21:53 GMT
This can be closed now.