Opened 12 years ago

Closed 12 years ago

#32085 closed defect (fixed)

chasen @2.4.4_1: should be downgraded to ChaSen 2.3.3

Reported by: takanori@… Owned by: humem (humem)
Priority: Normal Milestone:
Component: ports Version: 2.0.3
Keywords: Cc:
Port: chasen

Description

According to a report from JPCERT, ChaSen 2.4.x has a buffer overflow vulnerability.

JVN#16901583: A buffer overflow vulnerability in ChaSen
https://jvn.jp/jp/JVN16901583/index.html

Maybe port:chasen should be downgraded to version 2.3.3, since it looks like the developer doesn't have any plans to fix the bug.

Change History (2)

comment:1 Changed 12 years ago by ryandesign (Ryan Carsten Schmidt)

If we do this, don't forget that the port's epoch will have to be increased.

comment:2 Changed 12 years ago by humem (humem)

Resolution: fixed
Status: newclosed

I added official patches for 2.3.3 and made a patch to use the current darts and clang compiler. Committed in r87366.

Note: See TracTickets for help on using tickets.