Bug#1019358: davs2: CVE-2022-36647

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1019358: davs2: CVE-2022-36647
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 07 Sep 2022 21:51:56 +0200
Message-id: <[🔎] 166258031657.666782.6933916921197090811.reportbug@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1019358@bugs.debian.org

Source: davs2
Version: 1.6-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/pkuvcl/davs2/issues/29
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for davs2.

CVE-2022-36647[0]:
| PKUVCL davs2 v1.6.205 was discovered to contain a global buffer
| overflow via the function parse_sequence_header() at
| source/common/header.cc:269.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-36647
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36647
[1] https://github.com/pkuvcl/davs2/issues/29
[2] https://github.com/pkuvcl/davs2/commit/b41cf117452e2d73d827f02d3e30aa20f1c721ac

Regards,
Salvatore

Reply to:

Prev by Date: Processed: Re: Bug#1019051: ffmpeg: Repackaging with pipewire: dpkg-shlibdeps: error: no dependency information found for libjack.so.0 used by libavdevice.so.59.7.100
Next by Date: Bug#1019363: libheif: Broken homepage
Previous by thread: Bug#1012977: marked as done (libffado: ftbfs with GCC-12)
Next by thread: Bug#1019363: libheif: Broken homepage
Index(es):
- Date
- Thread