** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **
James Peach of Apple discovered a stack-based buffer overflow in cscope's handling of long file system paths. Processing a maliciously crafted source file may lead to an unexpected application termination or arbitrary code execution.
Apple provided us with a reproducer for the issue.
A patch is being discussed upstream.
This is now public, please bump the version in tree.
Bumped to 15.7a. Arch teams, please stabilise.
Stable for HPPA.
Stable on alpha.
GLSA request filed.
Multiple buffer overflows in Cscope before 15.7a allow remote
attackers to execute arbitrary code via (1) long pathnames, (2) long
source-code strings, and other vectors.
Multiple stack-based buffer overflows in the putstring function in
find.c in Cscope before 15.6 allow user-assisted remote attackers to
execute arbitrary code via a long (1) function name or (2) symbol in
a source-code file.