ALT-BU-2022-4598-1
Branch sisyphus_e2k update bulletin.
Package cflow updated to version 1.7-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2021-04641
Vulnerability in the call() function of the src/parser.c component of Cflow, a control-flow analyzer for C source files, caused by use of memory after it has been freed, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2019-16165
GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.
Modified: 2024-11-21
CVE-2019-16166
GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.
Modified: 2024-11-21
CVE-2020-23856
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.
- https://github.com/yangjiageng/PoC/blob/master/PoC_cflow_uaf_parser_line1284
- FEDORA-2021-6ef76430d0
- FEDORA-2021-e8cab459ab
- https://lists.gnu.org/archive/html/bug-cflow/2020-07/msg00000.html
Package fonts-otf-philosopher updated to version 1.000-alt3 for branch sisyphus_e2k.
Closed bugs
fonts-otf-philosopher: obsolete %post(un)_fonts macros.
Package clickhouse-cpp updated to version 1.2.2-alt2 for branch sisyphus_e2k.
Closed bugs
File conflict with the libclickhouse-cpp-devel package