Since it can corrupt adjacent heap chunk metadata, this definitely looks
like a security issue to me.
On Thu, May 6, 2021 at 9:29 AM Petter Reinholdtsen wrote:
>
> I asked for an unblock from the release team in
> https://bugs.debian.org/988095 >.
>
> --
> Happy hacking
> Petter Reinholdtsen
>
I asked for an unblock from the release team in
https://bugs.debian.org/988095 >.
--
Happy hacking
Petter Reinholdtsen
I've asked upstream if this is a security issue, and if so, what its CVE
is, in https://github.com/merces/libpe/issues/34 >.
As far as I can tell, it is writing past the assigned buffer, which
might be a security issue.
--
Happy hacking
Petter Reinholdtsen
Package: pev
Version: 0.81-2
Severity: grave
Tags: patch security
Justification: user security hole
X-Debbugs-Cc: benoit.sev...@gmail.com, Debian Security Team
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
4 matches
Mail list logo