FS#72802 - [libspf2] [Security] arbitrary code execution (CVE-2021-20314)
Attached to Project:
Community Packages
Opened by George Rawlinson (rawlinsong) - Sunday, 21 November 2021, 02:39 GMT
Last edited by George Rawlinson (rawlinsong) - Saturday, 25 December 2021, 23:35 GMT
Details
Summary
=======
The package libspf2 is vulnerable to arbitrary code execution via CVE-2021-20314.

Guidance
========
Fix has been backported in 1.2.10-7. A few distros have bumped versions to 1.2.11, but there is no upstream tag or release (there are no git tags on upstream at all). There is a single commit that references a version bump, but that does not necessarily equate to a release.

References
==========
https://security.archlinux.org/AVG-2280
https://www.openwall.com/lists/oss-security/2021/08/11/6
https://github.com/shevek/libspf2/commit/c37b7c13c30e225183899364b9f2efdfa85552ef
Closed by George Rawlinson (rawlinsong)
Saturday, 25 December 2021, 23:35 GMT
Reason for closing: Fixed