Hi
I have prepared a patch for CVE-2021-3121 described in:
You can find the patch here:
The patch is based on the following commit:
My conclusion is that the field function in stretch is unaffected. The reason is that there is no skippy check there at all in the stretch version.
For the generate function the iNdEx check was not in place so I added it, similar to the patch.
I do have a problem, and that is to check whether the code introduce some regression issue. Also since the CVE lack a description of the effect of this problem I have little knowledge on what the result of this may be.
Therefore I would highly appreciate a description of what this problem is and how to regression test the package.
Thank you in advance!
// Ola
--
--- Inguza Technology AB --- MSc in Information Technology ----
---------------------------------------------------------------