ALT-BU-2023-2799-1
Branch sisyphus_riscv64 update bulletin.
Package libheif updated to version 1.15.1-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2023-01487
Уязвимость компилятора Emscripten библиотеки кодирования и декодирования файлов HEIF и AVIF Libheif, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-03-12
CVE-2023-0996
There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.
Package lxqt-config updated to version 1.2.0-alt2 for branch sisyphus_riscv64.
Closed bugs
Не собирается с plasma-5.27
Package golang updated to version 1.19.7-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2023-02657
Уязвимость методов ScalarMult и ScalarBaseMult языка программирования Go, позволяющая нарушителю оказать воздействие на целостность защищаемой информации
Modified: 2024-11-21
CVE-2023-24532
The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.
- https://go.dev/cl/471255
- https://go.dev/cl/471255
- https://go.dev/issue/58647
- https://go.dev/issue/58647
- https://groups.google.com/g/golang-announce/c/3-TpUx48iQY
- https://groups.google.com/g/golang-announce/c/3-TpUx48iQY
- https://pkg.go.dev/vuln/GO-2023-1621
- https://pkg.go.dev/vuln/GO-2023-1621
- https://security.netapp.com/advisory/ntap-20230331-0011/