Overview

Request 987903 accepted

- update to 5.4.0 (CVE-2022-31116, bsc#1201255, CVE-2022-31117, bsc#1201254):
* Replace wchar_t string decoding implementation with a uint32_t-based one
* Fix handling of surrogates on decoding
* CVE-2022-31117: Potential double free of buffer during string decoding
* Fix memory leak on encoding errors when the buffer was resized
* Integer parsing: always detect overflows
* Fix handling of surrogates on encoding

Request History
Dirk Mueller's avatar

dirkmueller created request

- update to 5.4.0 (CVE-2022-31116, bsc#1201255, CVE-2022-31117, bsc#1201254):
* Replace wchar_t string decoding implementation with a uint32_t-based one
* Fix handling of surrogates on decoding
* CVE-2022-31117: Potential double free of buffer during string decoding
* Fix memory leak on encoding errors when the buffer was resized
* Integer parsing: always detect overflows
* Fix handling of surrogates on encoding

Dominique Leuenberger's avatar

dimstar_suse added as a reviewer

Being evaluated by staging project "openSUSE:Factory:Staging:adi:49"

Dominique Leuenberger's avatar

dimstar_suse accepted review

Picked "openSUSE:Factory:Staging:adi:49"

Factory Auto's avatar

factory-auto added opensuse-review-team as a reviewer

Please review sources

Factory Auto's avatar

factory-auto accepted review

Check script succeeded

Saul Goodman's avatar

licensedigger accepted review

ok

Dominique Leuenberger's avatar

dimstar accepted review

Dominique Leuenberger's avatar

dimstar_suse accepted review

Staging Project openSUSE:Factory:Staging:adi:49 got accepted.

Dominique Leuenberger's avatar

dimstar_suse approved review

Staging Project openSUSE:Factory:Staging:adi:49 got accepted.

Dominique Leuenberger's avatar

dimstar_suse accepted request

Staging Project openSUSE:Factory:Staging:adi:49 got accepted.

openSUSE Build Service is sponsored by
Places