This bug was fixed in the package libu2f-host - 1.1.4-1ubuntu0.1 --------------- libu2f-host (1.1.4-1ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: buffer overflow when handling response from device (LP: #1814153) - debian/patches//0002-CVE-2018-20340.patch: check to ensure response size is within offered buffer size. - CVE-2018-20340 -- Steve Beattie <sbeat...@ubuntu.com> Tue, 05 Feb 2019 10:44:55 -0800 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1814153 Title: Upcoming Security Release of a Yubico Library (Moderate severity, CVSS 6.3) - Unchecked Buffer libu2f-host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libu2f-host/+bug/1814153/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs