oss-sec mailing list archives

Re: CVE-2024-42415: Integer Overflow in GNOME libgsf

From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Fri, 4 Oct 2024 14:05:03 -0700

On 10/4/24 13:59, Alan Coopersmith wrote:

The upstream bug report is at https://gitlab.gnome.org/GNOME/libgsf/-/issues/34
and states the bug is "Fixed in 1.14.53" and
https://gitlab.gnome.org/GNOME/libgsf/-/commit/06d0cb92a4c02e7126ef2ff6f5e29fd74b4be9e0
says it fixes that issue.


Oops, I should have noted the above bug report & commit also cover
CVE-2024-36474 from
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068

--
        -Alan Coopersmith-                 alan.coopersmith () oracle com
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris

Current thread:

CVE-2024-42415: Integer Overflow in GNOME libgsf Alan Coopersmith (Oct 04)
- Re: CVE-2024-42415: Integer Overflow in GNOME libgsf Alan Coopersmith (Oct 04)