Restricted Fedora security bug: https://bugzilla.redhat.com/show_bug.cgi?id=884000

Fedora is calling the patch "signedwarning.patch".

Upstream commit: http://cgit.freedesktop.org/fribidi/fribidi/patch/?id=78dc3af68ed0e1aafe54c176b28dadee66eb306c

Unfortunately, I don't have more details due to the bug being restricted.

This is fixed in Portage as =dev-libs/fribidi-0.19.5-r1
As per the subject of the patch:

Subject: Fix theoretically possible overflow

I'd say B2.
sparc stable
Stable for HPPA.
x86 stable
amd64 stable
ppc stable
arm stable
alpha/ia64/sh stable
ppc64 stable
All arches done. Vulnerable versions removed from Portage.
Not much we can do here until this is unrestricted upstream and gets a CVE.
Any update on this? Guess this can be closed as it's been ~5 months.
(In reply to Ian Whyman (thev00d00) from comment #12)
> Any update on this?
>
> Guess this can be closed as it's been ~5 months.

Not yet, we should write and then release a GLSA. But there is no CVE for this bug, it seems.
Another 2 years and still no CVE, and Red Hat's bug is still restricted. Vulnerability mitigated with previous commits.
Per the previous comment, still no CVE and many years since this was reported.