
<div dir="ltr">I checked in the fix for this in commit 435a2ca (<a href="https://github.com/sshock/AFFLIBv3/commit/435a2ca">https://github.com/sshock/AFFLIBv3/commit/435a2ca</a>).  (Sorry I didn't have a CVE id yet so that was not included in the commit comment.)<div><br></div><div>What needs to happen now?  Do I need to do anything or can you guys take it from here?</div><div><br></div><div>Phillip</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Mar 11, 2018 at 3:40 AM, Salvatore Bonaccorso <span dir="ltr"><<a href="mailto:carnil@debian.org" target="_blank">carnil@debian.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Source: afflib<br>

Version: 3.7.5-1<br>

Severity: important<br>

Tags: patch security upstream<br>

<br>

Hi,<br>

<br>

the following vulnerability was published for afflib.<br>

<br>

CVE-2018-8050[0]:<br>

| The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka<br>

| AFFLIBv3) through 3.7.16 allows remote attackers to cause a denial of<br>

| service (segmentation fault) via a corrupt AFF image that triggers an<br>

| unexpected pagesize value.<br>

<br>

If you fix the vulnerability please also make sure to include the<br>

CVE (Common Vulnerabilities & Exposures) id in your changelog entry.<br>

<br>

For further information see:<br>

<br>

[0] <a href="https://security-tracker.debian.org/tracker/CVE-2018-8050" rel="noreferrer" target="_blank">https://security-tracker.<wbr>debian.org/tracker/CVE-2018-<wbr>8050</a><br>

    <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8050" rel="noreferrer" target="_blank">https://cve.mitre.org/cgi-bin/<wbr>cvename.cgi?name=CVE-2018-8050</a><br>

[1] <a href="https://github.com/sshock/AFFLIBv3/commit/435a2ca802358a3debb6d164d2c33049131df81c" rel="noreferrer" target="_blank">https://github.com/sshock/<wbr>AFFLIBv3/commit/<wbr>435a2ca802358a3debb6d164d2c330<wbr>49131df81c</a><br>

<br>

Please adjust the affected versions in the BTS as needed.<br>

<br>

Regards,<br>

Salvatore<br>

<br>

</blockquote></div><br></div>