oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: [FD] libcroco multiple vulnerabilities

From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Tue, 8 Sep 2020 08:07:57 -0700
On 8/13/20 10:57 AM, Alan Coopersmith wrote:

Upstream closed these bugs as WONTFIX today since they have ended
maintenance of the standalone libcroco, as discussed in the comments on
https://gitlab.gnome.org/Archive/libcroco/-/issues/8
(which is a different security fix, for CVE-2020-12825).


Distro maintainers should take note that GNU gettext also has an
embedded copy of libcroco sources:

https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=tree;f=libtextstyle/gnulib-local/lib/libcroco

--
        -Alan Coopersmith-               alan.coopersmith () oracle com
         Oracle Solaris Engineering - https://blogs.oracle.com/alanc
Previous By Date Next
Previous By Thread Next

Current thread: