Advisories » MGASA-2023-0274

Updated indent package fixes security vulnerabilities

Publication date: 30 Sep 2023
Modification date: 30 Sep 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023--40305

Description

GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in
indent.c via a crafted file. (CVE-2023-40305)

GNU indent 2.2.13 has a heap overread in lexi().
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32273
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40305
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MIUH3F63KQJWYR3FLKRZUYYRJOY6FYX/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023--40305

SRPMS

8/core

• indent-2.2.13-1.1.mga8

9/core

• indent-2.2.13-1.1.mga9