FS#72802 - [libspf2] [Security] arbitrary code execution (CVE-2021-20314)

Attached to Project: Community Packages
Opened by George Rawlinson (rawlinsong) - Sunday, 21 November 2021, 02:39 GMT
Last edited by George Rawlinson (rawlinsong) - Saturday, 25 December 2021, 23:35 GMT
Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: Thore Bödecker (foxxx0), George Rawlinson (rawlinsong)
Architecture: All
Severity: Medium
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Summary
=======

The package libspf2 is vulnerable to arbitrary code execution via CVE-2021-20314.

Guidance
========

Fix has been backported in 1.2.10-7.

A few distros have bumped versions to 1.2.11, but there is no upstream tag or release (there are no git tags on upstream at all). There is a single commit that references a version bump, but that does not necessarily equate to a release.

References
==========

https://security.archlinux.org/AVG-2280
https://www.openwall.com/lists/oss-security/2021/08/11/6
https://github.com/shevek/libspf2/commit/c37b7c13c30e225183899364b9f2efdfa85552ef

Closed by: George Rawlinson (rawlinsong)
Saturday, 25 December 2021, 23:35 GMT
Reason for closing: Fixed
