Overview
Request 640100 accepted
- Added patch mgetty-fax-block-code-injection.patch to fix
bsc#1108752 (CVE-2018-16741): command injection in fax/faxq-helper.c
- Added patches:
* mgetty-fix-buffer-overflow.patch - upstream patch, sets maximum
length of a string to prevent buffer overflow and thus possible
command injection
* mgetty-delete-obsolete.patch - upstream-based patch, deletes
obsolete file contrib/scrts.c, which could cause buffer overflow
- Fixed bugs:
* bsc#1108756 (CVE-2018-16745): Stack-based buffer overflow in
fax_notify_mail() in faxrec.c
* bsc#1108757 (CVE-2018-16744): Command injection in faxrec.c
* bsc#1108762 (CVE-2018-16742): Stack-based buffer overflow in
contrib/scrts.c triggered via command line parameter
* bsc#1108761 (CVE-2018-16743): Stack-based buffer overflow with
long username in contrib/next-login/login.c
- Created by mcalabkova
- In state accepted
Request History
mcalabkova created request
- Added patch mgetty-fax-block-code-injection.patch to fix
bsc#1108752 (CVE-2018-16741): command injection in fax/faxq-helper.c
- Added patches:
* mgetty-fix-buffer-overflow.patch - upstream patch, sets maximum
length of a string to prevent buffer overflow and thus possible
command injection
* mgetty-delete-obsolete.patch - upstream-based patch, deletes
obsolete file contrib/scrts.c, which could cause buffer overflow
- Fixed bugs:
* bsc#1108756 (CVE-2018-16745): Stack-based buffer overflow in
fax_notify_mail() in faxrec.c
* bsc#1108757 (CVE-2018-16744): Command injection in faxrec.c
* bsc#1108762 (CVE-2018-16742): Stack-based buffer overflow in
contrib/scrts.c triggered via command line parameter
* bsc#1108761 (CVE-2018-16743): Stack-based buffer overflow with
long username in contrib/next-login/login.c
licensedigger accepted review
ok
factory-auto accepted review
Check script succeeded
maintbot added mgetty as a reviewer
Submission for mgetty by someone who is not maintainer in the devel project (Base:System). Please review
maintbot accepted review
ok
msmeissn accepted review
ok
msmeissn approved review
ok
msmeissn moved maintenance target to openSUSE:Maintenance:8886
msmeissn accepted request
accepted request 640100:Thanks!
For information about the update, see https://build.opensuse.org/project/maintenance_incidents/openSUSE:Maintenance