Bug#949325: libmysofa: CVE-2020-6860

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#949325: libmysofa: CVE-2020-6860
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 19 Jan 2020 21:11:20 +0100
Message-id: <[🔎] 157946468046.1528063.15719266069216898084.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 949325@bugs.debian.org

Source: libmysofa
Version: 0.9.1~dfsg0-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/hoene/libmysofa/issues/96

Hi,

The following vulnerability was published for libmysofa.

CVE-2020-6860[0]:
| libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in
| hdf/dataobject.c during the reading of a header message attribute.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-6860
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6860
[1] https://github.com/hoene/libmysofa/issues/96
[2] https://github.com/hoene/libmysofa/commit/c31120a4ddfe3fc705cfdd74da7e884e1866da85

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply to:

Prev by Date: tiatracker_1.3-1_amd64.changes ACCEPTED into unstable, unstable
Next by Date: pd-wiimote is marked for autoremoval from testing
Previous by thread: tiatracker_1.3-1_amd64.changes ACCEPTED into unstable, unstable
Next by thread: pd-wiimote is marked for autoremoval from testing
Index(es):
- Date
- Thread