To patch CVEs in Ubuntu we generally require them to first be fixed by the upstream project and then we can integrate the patch in our releases. In this case since the upstream seems to no longer exist, I am not sure there is a clear way forward at this time. If a patch is developed then we can look at releasing that for Ubuntu but until then I think we may just have to leave this issue as known but unpatched.
** Changed in: midicsv (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2087775 Title: heap-buffer overflow in midicsv.c:123 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/midicsv/+bug/2087775/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs