Source: duo-unix
Severity: normal
Tags: security

duo-unix seems to embed a copy of bson, which is affected by
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12135

Nothing inside duo-unix seems to call bson_ensure_space(), but it probably still makes sense for upstream to update the embedded copy to the latest version.

Cheers,
Moritz