On 2021-09-16 21:23:34 +0200, Anton Gladky wrote:
> Thanks for the bug report. We will fix it when CVE (if any) will be
> assigned and upstream patch will be available.

FYI, an upstream patch is now available here:

  https://gmplib.org/list-archives/gmp-bugs/2021-September/005087.html

> Though, the integer overflows are not making the package unusable in
> most cases.

Yes, but they may introduce security issues, in particular here
because the behavior depends on data from a file, which may be
untrusted. That said, here it is probably wise to check that the
size is not too large in order to prevent the address space from
being exhausted.

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
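
The size check suggested in the message above, as an added example that is not part of the original e-mail, the upstream patch, or the library's code: a parser that bounds a size field read from untrusted file data before allocating or doing arithmetic on it. The record layout (4-byte big-endian signed size, then that many magnitude bytes), the name `parse_record` and the 1 MiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record layout (an assumption, not taken from the upstream
   patch): 4-byte big-endian signed size, then |size| bytes of magnitude. */
#define MAX_MAGNITUDE_BYTES ((uint32_t)1 << 20)  /* assumed policy cap: 1 MiB */

enum { REC_OK = 0, REC_TRUNCATED = -1, REC_TOO_LARGE = -2, REC_NOMEM = -3 };

/* Parse one record from untrusted bytes. On success *mag is a malloc'd copy
   of the magnitude (NULL if empty), *mag_len its length, *negative the sign. */
int parse_record(const unsigned char *buf, size_t len,
                 unsigned char **mag, size_t *mag_len, int *negative)
{
    if (len < 4)
        return REC_TRUNCATED;

    /* Assemble the header as unsigned so no shift touches a sign bit. */
    uint32_t raw = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                   ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];

    /* Two's-complement magnitude in unsigned arithmetic: well defined even
       for 0x80000000, where negating a signed 32-bit value would overflow. */
    *negative = (raw & 0x80000000u) != 0;
    uint32_t n = *negative ? (uint32_t)0 - raw : raw;

    /* Cap first: bounds the allocation and keeps later size arithmetic
       (such as n * 8 for a bit count) far below any wraparound. */
    if (n > MAX_MAGNITUDE_BYTES)
        return REC_TOO_LARGE;
    /* The claimed size must also be backed by data actually present. */
    if (n > len - 4)
        return REC_TRUNCATED;

    *mag = NULL;
    *mag_len = n;
    if (n != 0) {
        *mag = malloc(n);
        if (*mag == NULL)
            return REC_NOMEM;
        memcpy(*mag, buf + 4, n);
    }
    return REC_OK;
}
```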