Bug#939915: clfow: CVE-2019-16165

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#939915: clfow: CVE-2019-16165
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 10 Sep 2019 08:22:16 +0200
Message-id: <[🔎] 156809653692.15961.10599428470718337694.reportbug@lorien.valinor.li>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 939915@bugs.debian.org

Source: cflow
Version: 1:1.6-4
Severity: important
Tags: security upstream
Forwarded: https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00001.html
Control: found -1 1:1.6-1

Hi,

The following vulnerability was published for cflow.

CVE-2019-16165[0]:
| GNU cflow through 1.6 has a use-after-free in the reference function
| in parser.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-16165
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16165
[1] https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00001.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Reply to:

Follow-Ups:
- Processed: clfow: CVE-2019-16165
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Processed: clfow: CVE-2019-16165
Next by Date: Bug#939916: clfow: CVE-2019-16166
Previous by thread: Processed: severity of 933407 is important, severity of 933408 is important, severity of 933411 is important ...
Next by thread: Processed: clfow: CVE-2019-16165
Index(es):
- Date
- Thread