CVE-2022-23946 <= KiCad 6.0.1 Stack-based buffer overflow in GCodeNumber parsing
CVE-2022-23947 <= KiCad 6.0.1 Stack-based buffer overflow in DCodeNumber parsing
CVE-2022-23803 <= KiCad 6.0.1 Stack-based buffer overflow in ReadXYCoord
CVE-2022-23804 <= KiCad 6.0.1 Stack-based buffer overflow in ReadIJCoord
Thanks for reporting! Maintainer, please bump.
KiCad 6.0.2 is in the tree which has replaced 6.0.1. However we still have KiCad
5.1.12 in the tree because it's needed by some industrial users, since the 6 series is
not backward compatible with the 5 series, and people need some time for migration.
What is the recommendation for such cases when we have to keep an older version
in the tree for a while longer?
In this case, simply masking the old version can be appropriate.
The bug has been referenced in the following commit(s):
Author: Zoltan Puskas <firstname.lastname@example.org>
AuthorDate: 2022-02-19 03:55:37 +0000
Commit: John Helmert III <email@example.com>
CommitDate: 2022-02-19 17:14:15 +0000
sci-electronics/kicad.*: Mask vulnerable versions
Signed-off-by: Zoltan Puskas <firstname.lastname@example.org>
Signed-off-by: John Helmert III <email@example.com>
profiles/package.mask | 14 ++++++++++++++
1 file changed, 14 insertions(+)
Thanks! All done.
Please note that the Bug: tag should be used for security bugs, rather than Closes:.