CVE-2020-16124: Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. This issue affects: OpenRobotics ros_comm communications packages Noetic and prior versions. Fixed in https://github.com/ros/ros_comm/pull/2065.

The merged commit from the pull request shows as merged in 1.15.9, so please clean up.
Ping.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fc09412cfce876dbf253972f2bce9f22ff23e7e8

commit fc09412cfce876dbf253972f2bce9f22ff23e7e8
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-07-24 05:56:08 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2021-07-24 06:21:29 +0000

    ros-meta/ros_comm: drop 1.15.7, 1.15.8

    Bug: https://bugs.gentoo.org/750869
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 ros-meta/ros_comm/Manifest               |  2 --
 ros-meta/ros_comm/ros_comm-1.15.7.ebuild | 58 --------------------------------
 ros-meta/ros_comm/ros_comm-1.15.8.ebuild | 58 --------------------------------
 3 files changed, 118 deletions(-)