Opened 13 years ago
Closed 13 years ago
#32085 closed defect (fixed)
chasen @2.4.4_1: should be downgraded to ChaSen 2.3.3
| Reported by: | takanori@… | Owned by: | humem (humem) |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 2.0.3 |
| Keywords: | Cc: | ||
| Port: | chasen |
Description
According to a report from JPCERT, ChaSen 2.4.x has a buffer overflow vulnerability.
JVN#16901583: A buffer overflow vulnerability in ChaSen https://jvn.jp/jp/JVN16901583/index.html
Maybe port:chasen should be downgraded to version 2.3.3, since it looks like the developer doesn't have any plans to fix the bug.
Change History (2)
comment:1 Changed 13 years ago by ryandesign (Ryan Carsten Schmidt)
comment:2 Changed 13 years ago by humem (humem)
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
I added official patches for 2.3.3 and made a patch to use the current darts and clang compiler. Committed in r87366.
Note: See
TracTickets for help on using
tickets.
If we do this, don't forget that the port's epoch will have to be increased.