[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1084524: lifelines: Lifeline contains a code associated with CVE.

Package: lifelines
Version: 3.0.61 (latest)
Severity: important
X-Debbugs-Cc: mariamarutunian@gmail.com

Dear Maintainer,

A vulnerability identified as CVE-2018-21027 was discovered and fixed in Boa project with the following commit: https://github.com/gpg/boa/pull/1/commits/e139b87835994d007fbd64eead6c1455d7b8cf4e. Which amended the "scandir" function located in extras/scandir.c file. 
Lifeline project contains an identical "scandir" function in the src/arch/scandir.c file, which has not been fixed.
Is is not fixed in version 3.0.62 either.

-- System Information:
Debian Release: trixie/sid
  APT prefers noble-updates
  APT policy: (500, 'noble-updates'), (500, 'noble-security'), (500, 'noble'), (500, 'bionic'), (100, 'noble-backports')
Architecture: amd64 (x86_64)

Kernel: Linux 6.8.0-45-generic (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lifelines depends on:
ii  libc6         2.39-0ubuntu8.3
ii  libncursesw5  6.1-1ubuntu1
ii  libncursesw6  6.4+20240113-1ubuntu2
ii  libtinfo5     6.1-1ubuntu1
ii  libtinfo6     6.4+20240113-1ubuntu2

lifelines recommends no packages.

lifelines suggests no packages.
Reply to: