Quoting Salvatore Bonaccorso (2020-03-25 21:07:13)
> Source: libunivalue
> Version: 1.0.4-2
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/jgarzik/univalue/pull/58
> 
> Hi,
> 
> The following vulnerability was published for libunivalue.
> 
> CVE-2019-18936[0]:
> | UniValue::read() in UniValue before 1.0.5 allow attackers to cause a
> | denial of service (the class internal data reaches an inconsistent
> | state) via input data that triggers an error.
> 
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2019-18936
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18936
> [1] https://github.com/jgarzik/univalue/pull/58

I have prepared fixed packages for stretch and buster for this issue.

In case you want to examine my work (I would highly appreciate that!) they
are available on newly created branches debian/buster and debian/stretch 
in git g...@salsa.debian.org:cryptocoin-team/libunivalue.git a.k.a. 
https://salsa.debian.org/cryptocoin-team/libunivalue.git

How do I proceed?

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
