On Thu, 17 Jun 2021 15:45:22 +0200, Salvatore Bonaccorso <car...@debian.org> said:
> The following vulnerability was published for olm. > CVE-2021-34813[0]: > | Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to > | crash a client (while it is attempting to retrieve an Olm encrypted > | room key backup from the homeserver) because olm_pk_decrypt has a > | stack-based buffer overflow. Remote code execution might be possible > | for some nonstandard build configurations. FWIW, no application in buster uses the affected function. -- Hubert Chathi <uho...@debian.org> -- https://www.uhoreg.ca/ Jabber: hub...@uhoreg.ca -- Matrix: @uhoreg:matrix.org PGP/GnuPG key: 4096R/F24C F749 6C73 DDB8 DCB8 72DE B2DE 88D3 113A 1368
