[Bug 1912050] Re: Use after free in libgetdata v0.10.0 may lead to arbitrary code execution
Thank you Alex, Steve, The developer did not respond, so I guess Red Hat Security team decided to act on the vulnerability advisory. Thank you guys for following up on this. --- Carlos -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912050 Title: Use after free in libgetdata v0.10.0 may lead to arbitrary code execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libgetdata/+bug/1912050/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1912091] Re: Memory Leak GNU Tar 1.33
Update: CVE-2021-20193 has been assigned to this vulnerability by Red Hat Security team. --- Carlos ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-20193 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912091 Title: Memory Leak GNU Tar 1.33 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1912091/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1912091] Re: Memory Leak GNU Tar 1.33
Update This vulnerability has been discussed with the developer. Developer has released a public fix. Original Post in GNU TAR Project: https://savannah.gnu.org/bugs/?59897 Commit with fix: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777 This thread can go public now. ** Bug watch added: GNU Savannah Bug Tracker #59897 http://savannah.gnu.org/bugs/?59897 ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912091 Title: Memory Leak GNU Tar 1.33 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1912091/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs