Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update: patch #1102

Open
dongsupark opened this issue Jun 27, 2023 · 0 comments
Open

update: patch #1102

dongsupark opened this issue Jun 27, 2023 · 0 comments
Labels
advisory/only-sdk affects only Flatcar SDK advisory/upstream-blocked blocked by upstream projects advisory security advisory cvss/MEDIUM >= 4 && < 7 assessed CVSS security security concerns

Comments

@dongsupark
Copy link
Member

Name: patch
CVEs: CVE-2021-45261
CVSSs: 5.5
Action Needed: TBD

Summary: An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

Note, patch is included only in SDK, so not critical.

refmap.gentoo: https://bugs.gentoo.org/829835

@dongsupark dongsupark added security security concerns advisory security advisory cvss/MEDIUM >= 4 && < 7 assessed CVSS advisory/upstream-blocked blocked by upstream projects labels Jun 27, 2023
@dongsupark dongsupark added the advisory/only-sdk affects only Flatcar SDK label Jun 27, 2023
@dongsupark dongsupark moved this from 📝 Needs Triage to ⏳ Long Term in Flatcar tactical, release planning, and roadmap Jun 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
advisory/only-sdk affects only Flatcar SDK advisory/upstream-blocked blocked by upstream projects advisory security advisory cvss/MEDIUM >= 4 && < 7 assessed CVSS security security concerns
Projects
Development

No branches or pull requests

1 participant