Bug#908939: gpp: CVE-2018-17076

[Leandro Cunha <leandrocunha016@gmail.com>]

Source: gpp
Version: 2.25
Severity: normal
Tags: security upstream, nmu, package orphaned

Salvatore,

Do you support the idea of an NMU for GPP? I'm working on it, it hasn't been updated in two years.
I have an initiative to study packaging by updating packages like this.
The package is orphaned, even if it hasn't been updated for that long, I will need a sponsor. If you are interested in sponsoring the upload, I would be grateful. I believe that I will be helping the project in some way. I take security very seriously. It seems to me that the problem was fixed almost 1 month ago and discussed on git.

https://www.suse.com/pt-br/security/cve/CVE-2018-17076/

https://bugzilla.suse.com/show_bug.cgi?id=1108673&_ga=2.126348621.1528485538.1593133070-1237789434.1593133070

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812622

https://github.com/logological/gpp

https://nvd.nist.gov/vuln/detail/CVE-2018-17076

https://github.com/logological/gpp/issues/26

https://security-tracker.debian.org/tracker/CVE-2018-17076

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17076

https://github.com/logological/gpp/issues/26

Regards,
Leandro