From the NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39976

```
log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered.
```

Reproducible: Always
Looks like this is fixed in 2.0.8: https://github.com/ClusterLabs/libqb/releases/tag/v2.0.8
On ChromeOS we have moved to libqb 2.0.8 with the same ebuild as 2.0.4 with just a name change and the newer source archive + digests. https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/5177738
(In reply to Allen Webb from comment #2)
> On ChromeOS we have moved to libqb 2.0.8 with the same ebuild as 2.0.4 with
> just a name change and the newer source archive + digests.
>
> https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/5177738

Care to make a PR? :)