To patch CVEs in Ubuntu we generally require them to first be fixed by
the upstream project and then we can integrate the patch in our
releases. In this case since the upstream seems to no longer exist, I am
not sure there is a clear way forward at this time. If a patch is
developed then we can look at releasing that for Ubuntu but until then I
think we may just have to leave this issue as known but unpatched.

** Changed in: midicsv (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2087775

Title:
  heap-buffer overflow in midicsv.c:123

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/midicsv/+bug/2087775/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to