Robert Scott
Robert Scott
I may be incorrect but isn't a similar unbounded copy into `buf` performed just a few lines before @ https://github.com/Exiv2/exiv2/blob/a38e124076138e529774d5ec9890d0731058115a/src/quicktimevideo.cpp#L832 ? Or is there some assertion somewhere else that limits...
Ah - I see that's covered by one of the other CVEs.
@ofborg eval
There was definitely a tag though. Perhaps they decided it was premature.
They still seem to be fixing many "memory issues" on `master`
Interesting. It passed for me on macos 10.15. I notice it's a timeout - let me see...... @ofborg build bind
> Not really sure if BIND is supported on Darwin, tbf. Plenty of mentions of macos in the source and build system, so I assume so.
Interesting. Passes for me on binfmt_misc-emulated aarch64. @ofborg build bind
Grafana 7.x is now EOL and not receiving security fixes for the likes of https://grafana.com/blog/2022/09/20/grafana-security-releases-new-versions-with-moderate-severity-security-fixes-for-cve-2022-35957-and-cve-2022-36062/
That could easily turn into a multi-page manual. The "ratio" debt is essentially saying "This cell is advertising n% of the actual free memory it has". "200%" means it's advertising...