Source: coreutils
Version: 9.4-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for coreutils.

CVE-2024-0684[0]:
| heap overflow in split --line-bytes with very long lines

Note, the severity is chosen as such to make sure the fix lands in trixie, but is slightly overrated. If you feel strongly about it, feel free to downgrade.

The issue can be reproduced with:

    { printf '%131070s\n' ''; printf 'x\n'; printf '%131071s\n' ''; } > in
    split -C 131072 ---io=131072 in

and only affects the trixie and unstable versions of split.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-0684
    https://www.cve.org/CVERecord?id=CVE-2024-0684
[1] https://www.openwall.com/lists/oss-security/2024/01/18/2

Regards,
Salvatore