[Bug 1878177] Re: CVE-2020-3810 out-of-bound stack reads in arfile
Alex Murray
alex.murray at canonical.com
Thu May 14 01:46:55 UTC 2020
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1878177
Title:
CVE-2020-3810 out-of-bound stack reads in arfile
Status in apt package in Ubuntu:
Fix Released
Bug description:
In https://github.com/Debian/apt/issues/111, an issue was discovered
where apt's ar implementation performs (unbound) out of bound reads of
a stack variable.
Marking this as private security for now to avoid giving it more
prominence.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1878177/+subscriptions
More information about the foundations-bugs
mailing list