This bug was fixed in the package whoopsie - 0.2.69ubuntu0.1
---------------
whoopsie (0.2.69ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560)
- lib/bson/*: updated to latest upstream release.
- CVE-2020-12135
* SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982)
- src/whoopsie.c, src/tests/test_parse_report.c: properly handle
GHashTable.
- CVE-2020-11937
* SECURITY UPDATE: DoS via large data length (LP: #1882180)
- src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit
the size of a report file.
- CVE-2020-15570
-- Marc Deslauriers <[email protected]> Fri, 24 Jul 2020
08:55:26 -0400
** Changed in: whoopsie (Ubuntu Focal)
Status: Confirmed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11937
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-12135
** Changed in: whoopsie (Ubuntu Xenial)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1882180
Title:
DoS vulnerability: fail to allocate
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1882180/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
