CVSROOT: /cvs Module name: src Changes by: mill...@cvs.openbsd.org 2023/01/25 12:06:50
Modified files: usr.bin/pkg-config/OpenBSD: PkgConfig.pm Log message: Fix CVE-2023-24056, unbounded variable expansion in pkg-config. We now die with an error when trying to expand a variable that is already longer than 64K. This was never a buffer overflow in our pkg-config, but rather an unbounded memory allocation that would eventually run up against resource limits. OK sthen@ jasper@