Source: blktrace Version: 1.0.5-1 Severity: normal Tags: patch security upstream Forwarded: https://www.spinics.net/lists/linux-btrace/msg00847.html
Hi, The following vulnerability was published for blktrace. CVE-2018-10689[0]: | blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel | and Android, has a buffer overflow in the dev_map_read function in | btt/devmap.c because the device and devno arrays are too small, as | demonstrated by an invalid free when using the btt program with a | crafted file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-10689 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10689 [1] https://www.spinics.net/lists/linux-btrace/msg00847.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore
