oss-sec mailing list archives
Re: Re: [FD] libcroco multiple vulnerabilities
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Tue, 8 Sep 2020 08:07:57 -0700
On 8/13/20 10:57 AM, Alan Coopersmith wrote:
Upstream closed these bugs as WONTFIX today since they have ended maintenance of the standalone libcroco, as discussed in the comments on https://gitlab.gnome.org/Archive/libcroco/-/issues/8 (which is a different security fix, for CVE-2020-12825).
Distro maintainers should take note that GNU gettext also has an embedded copy of libcroco sources: https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=tree;f=libtextstyle/gnulib-local/lib/libcroco -- -Alan Coopersmith- alan.coopersmith () oracle com Oracle Solaris Engineering - https://blogs.oracle.com/alanc
Current thread:
- Re: Re: [FD] libcroco multiple vulnerabilities Alan Coopersmith (Aug 13)
- Re: Re: [FD] libcroco multiple vulnerabilities Alan Coopersmith (Sep 08)