Salvatore Bonaccorso comments

Results 92 comments of


                                            Salvatore Bonaccorso

Information disclosure in fuse-exfat

Is there any progress on this issue?

segmentation fault in jerryscript

CVE-2023-30414 was assigned for this issue.

heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h)

This is CVE-2017-6836

Uninitialized GFF line info causes out-of-bounds-read, possible out-of-bounds-write.

This issue seems to have CVE-2021-42006 assigned.

nmk uses LD directly, ignores -Wl LDFLAGS arguments

For reference: Downstream needed in Debian as https://salsa.debian.org/debian/criu/-/merge_requests/3/diffs?commit_id=b854c3ec29988cfc6f925237e74c336f6270d304 and https://salsa.debian.org/debian/criu/-/merge_requests/3/diffs?commit_id=dc3c60c69dc9fbadd8b1b34f1e15346314c311e4

nmk uses LD directly, ignores -Wl LDFLAGS arguments

@adrianreber thanks for the comments + warnings, those are helpful! > I would be very careful with changes to the build system. CRIU is very special in a few area...

Slic3r libslic3r Obj File TriangleMesh::TriangleMesh() out-of-bounds read vulnerability (TALOS-2020-1213, CVE-2020-28590)

Related, there is as well https://talosintelligence.com/vulnerability_reports/TALOS-2022-1593

divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp)

This is CVE-2017-6835

High Severity Security vulnerability with package

@SymbioticKilla But I guess it was not officially asked for REJECT to the assigning CNA? According to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23334 the assigning CNA was "Snyk", so if the issue turns out to...

New test failure isues test_sql_str_func.sh

@tstack so my guess was wrong, it is unrelated to `sqlite3`. But testing with different baseline and downgradng package versions involved in the build: The test succeeds with curl/7.87.0-2 (based...