New release for CVE-2021-45959 #2685

Closed
candrews opened this issue Jan 2, 2022 · 5 comments


candrews commented Jan 2, 2022

Can you please make a new release addressing CVE-2021-45959?

It appears this issue was fixed back in July with commit 2038bf6 but no release was made.

Thank you!

Contributor

vitaut commented Jan 2, 2022

This is one of a series of false positives around 12 July that were closed without any changes to {fmt} (after some fuzzing infra issue had been addressed). In particular 2038bf6 is effectively a noop. I recommend marking this CVE as invalid.

@vitaut vitaut closed this as completed Jan 2, 2022
@vitaut vitaut added the question label Jan 2, 2022

carnil commented Jan 2, 2022

Via https://cveform.mitre.org/ I asked if the CVE can be rejected (note I'm involved neither upstream nor with oss-fuzz, but stumbled over this issue while investigating the CVE in downstream Debian).

Contributor

vitaut commented Jan 2, 2022

Thanks!


carnil commented Jan 3, 2022

@vitaut the CVE has been rejected now.

Contributor

vitaut commented Jan 3, 2022

Thanks @carnil!
