Summary: | dev-libs/opensc-0.19.0: memleak in libopensc | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | psp <gentoo-bugzilla> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | alonbl, crypto+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6502 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=704216 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
dev-libs/opensc-0.19.0
|
Runtime testing required: | --- |
Description
psp
2019-01-29 01:18:10 UTC
More information on the vulnerability here: https://bugzilla.redhat.com/show_bug.cgi?id=1668933 https://github.com/OpenSC/OpenSC/issues/1586 Having a leak in command-line tool just before exit is hardly a security issue, I am not even going to patch[1] it. [1] https://github.com/OpenSC/OpenSC/commit/0d7967549751b7032f22b437106b41444aff0ba9 (In reply to Alon Bar-Lev from comment #2) > Having a leak in command-line tool just before exit is hardly a security > issue, I am not even going to patch[1] it. > > [1] > https://github.com/OpenSC/OpenSC/commit/ > 0d7967549751b7032f22b437106b41444aff0ba9 Agreed. Even if the CVE authorities haven't done so yet... I am marking this as invalid, but I do expect MITRE and friends to do the same shortly. |