| Summary: | dev-libs/libfmt: buffer overflow | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | | |
| Severity: | minor | CC: | candrews |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B3 [upstream/ebuild] | | |
| Package list: | | Runtime testing required: | --- |

Description
Sam James
2022-01-01 02:08:07 UTC
Requested upstream to make a release that addresses this issue: https://github.com/fmtlib/fmt/issues/2685

(In reply to Craig Andrews from comment #1)
> Requested upstream to make a release that addresses this issue:
> https://github.com/fmtlib/fmt/issues/2685

Upstream replied:
> This is one of a series of false positives around 12 July that were closed without any changes to {fmt} (after some fuzzing infra issue has been addressed. In particular 2038bf6 is effectively a noop. I recommend marking this CVE as invalid.

Shall we close this as invalid? Do we have a way to get the CVE updated?

(In reply to Craig Andrews from comment #2)
> (In reply to Craig Andrews from comment #1)
> > Requested upstream to make a release that addresses this issue:
> > https://github.com/fmtlib/fmt/issues/2685
>
> Upstream replied:
> > This is one of a series of false positives around 12 July that were closed without any changes to {fmt} (after some fuzzing infra issue has been addressed. In particular 2038bf6 is effectively a noop. I recommend marking this CVE as invalid.
>
> Shall we close this as invalid? Do we have a way to get the CVE updated?

Anyone can at https://cveform.mitre.org