From ${URL} : ed 1.14.1 fixes an invalid free, reported here: https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html Reproducer: echo -e "H\n?\{" | ed Found with afl. ed 1.14.1 didn't show any more issues with afl/asan fuzzing. Not sure if there's any scenario where ed is used with untrusted input. ed isn't developed in a version control system, therefore I can't link to a commit, but the patch to fix it is this: --- a/regex.c 2017-01-06 02:06:04.000000000 +0100 +++ b/regex.c 2017-01-09 17:09:51.000000000 +0100 @@ -135,7 +135,6 @@ static regex_t * get_compiled_regex( con char buf[80]; regerror( n, exp, buf, sizeof buf ); set_error_msg( buf ); - free( exp ); exp = 0; } return exp; @maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
commit 3a9ec6527ccb64f9ca04bba9c8f7aab5040ffca3 Author: Lars Wendler <polynomial-c@gentoo.org> Date: Fri Jan 13 21:29:32 2017 sys-apps/ed: Security cleanup (bug #605552). Package-Manager: Portage-2.3.3, Repoman-2.3.1 This bug only affects =sys-apps/ed-1.14 (which I just cleaned up) and not the current stable candidate =sys-apps/ed-1.13 (see bug #605012)
Only one affected package, which was never marked stable, so vulnerability rating reflects that.