cpdb-libs 2.0b5 #28
tillkamppeter
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
In the fifth beta release for cpdb-libs 2.0.0 we have made sure frontend/backend communication is pure D-Bus so that everything works also with sandboxed packaging and we have fixes several bugs, including a security issue.
The frontend should only shout into the D-Bus to find out which backends are available and to communicate with them. Depending on the way (for example sandboxed packaging, like Snap) how the frontend and backand are installed the frontend cannot access the host's or the backend's file systems (PR Removes file system access #27).
scanf()
/fscanf()
functionscpdb-libs uses the
fscanf()
andscanf()
functions to parse command lines and configuration files, dropping the read string components into fixed-length buffers, but does not limit the length of the strings to be read byfscanf()
andscanf()
causing buffer overflows when a string is longer than 1023 characters (CVE-2023-34095).tools/Makefile.am
Removed the
TESTdir
andTEST_SCRIPTS
entries intools/Makefile.am
. They are not needed and letmake install
try to installrun-tests.sh
in the source directory, where it already is, causing an error.This discussion was created from the release cpdb-libs 2.0b5.
Beta Was this translation helpful? Give feedback.
All reactions