new version
fix error in changelog
sudo dnf upgrade --refresh --advisory=FEDORA-2020-54010774d1
This update has been submitted for testing by wef.
This update's test gating status has been changed to 'ignored'.
This update's test gating status has been changed to 'waiting'.
This update has obsoleted wob-0.9-2.fc32, and has inherited its bugs and notes.
This update has been pushed to testing.
hello, thx for the update
Can You comment on why this is tagged as a security release? The only fixed issue was
https://github.com/francma/wob/issues/48
which seems like a random crash.
The release announcement https://github.com/francma/wob/releases/tag/0.10 mentions:
NULL terminate color buffer string to prevent usage of uninitialised memory #48
... seems like a buffer overrun.
Sure, thanks for the feedback. #48 is the issue I'm referencing. I just can't see how this translates to a reasonable attack. I don't see memory disclosure..just Self-Dos, if You will.
So You're saying the color buffer string not being null-terminated leads to undefinded behaviour and hence may be a security issue?
Didn't think it through that far. Deserves a release anyhow.
sure, thanks for the release!
This update can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by bodhi.
This update has been pushed to stable.
Please login to add feedback.
Confirm request to re-trigger tests.
This update has been submitted for testing by wef.
This update's test gating status has been changed to 'ignored'.
This update's test gating status has been changed to 'waiting'.
This update has obsoleted wob-0.9-2.fc32, and has inherited its bugs and notes.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
hello, thx for the update
Can You comment on why this is tagged as a security release? The only fixed issue was
which seems like a random crash.
The release announcement https://github.com/francma/wob/releases/tag/0.10 mentions:
... seems like a buffer overrun.
Sure, thanks for the feedback. #48 is the issue I'm referencing. I just can't see how this translates to a reasonable attack. I don't see memory disclosure..just Self-Dos, if You will.
So You're saying the color buffer string not being null-terminated leads to undefinded behaviour and hence may be a security issue?
Didn't think it through that far. Deserves a release anyhow.
sure, thanks for the release!
This update can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by bodhi.
This update has been pushed to stable.