Bug#987959: pev: peres affected by off-by-one error in libpe

Since it can corrupt adjacent heap chunk metadata, this definitely looks like a security issue to me. On Thu, May 6, 2021 at 9:29 AM Petter Reinholdtsen wrote: > > I asked for an unblock from the release team in > https://bugs.debian.org/988095 >. > > -- > Happy hacking > Petter Reinholdtsen >

Bug#987959: pev: peres affected by off-by-one error in libpe

I asked for an unblock from the release team in https://bugs.debian.org/988095 >. -- Happy hacking Petter Reinholdtsen

Bug#987959: pev: peres affected by off-by-one error in libpe

I've asked upstream if this is a security issue, and if so, what its CVE is, in https://github.com/merces/libpe/issues/34 >. As far as I can tell, it is writing past the assigned buffer, which might be a security issue. -- Happy hacking Petter Reinholdtsen

Bug#987959: pev: peres affected by off-by-one error in libpe

Package: pev Version: 0.81-2 Severity: grave Tags: patch security Justification: user security hole X-Debbugs-Cc: benoit.sev...@gmail.com, Debian Security Team Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation?