| Summary: | <sci-visualization/gnuplot-5.4.3: divide by zero vulnerability | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | sci, ulm |
| Priority: | Normal | Keywords: | UPSTREAM |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://sourceforge.net/p/gnuplot/bugs/2474/ | ||
| Whiteboard: | B3 [noglsa] | ||
| Package list: | | Runtime testing required: | --- |
Description
John Helmert III
2021-12-23 08:39:56 UTC
I wonder why this would be labelled as a security vulnerability? It is simply a bug. Gnuplot is a Turing complete language and the user is not supposed to execute scripts of unknown origin.

(In reply to John Helmert III from comment #0)
> URL says this is patched but can't tell if it's made it into a release yet.

Yeah, this will be fixed after the next upstream release. Backporting the patch doesn't make much sense for a problem that has no practical relevance (it is triggered when setting character size to zero and font size to infinity).

Fixed upstream in gnuplot-5.4.3. This version is already stable, and older versions have been dropped.

Ping. Can this be closed, or is any further action required on this bug?