* Salvatore Bonaccorso <car...@debian.org> [2017-09-24 18:01]:
> the following vulnerability was published for ledger.
>
> CVE-2017-2807[0]:
> | An exploitable buffer overflow vulnerability exists in the tag parsing
> | functionality of Ledger-CLI 3.1.1. A specially crafted journal file
> | can cause an integer underflow resulting in code execution. An
> | attacker can construct a malicious journal file to trigger this
> | vulnerability.

Fixed here:
https://github.com/ledger/ledger/commit/5682f377aed5b0db6b6c4a44b1d8868103b7e9f7

-- 
Martin Michlmayr
https://www.cyrius.com/