-
whoopsie (0.2.72.2) groovy; urgency=medium
* src/whoopsie.c: modify server_response() so that it does not incorrectly
assume that data is null-terminated and actually use the size of the data.
(LP: #1914481)
-- Brian Murray <email address hidden> Thu, 04 Feb 2021 18:30:37 -0800
-
whoopsie (0.2.72.1) groovy; urgency=medium
* Attempt to fix double free issue (LP: #1899100)
- src/whoopsie.c: reject duplicate keys, re-order certain operations.
- src/tests/data/crash/invalid_key_duplicate,
src/tests/test_parse_report.c: added test for duplicate keys.
-- Marc Deslauriers <email address hidden> Mon, 26 Oct 2020 14:40:14 -0400
-
whoopsie (0.2.72) groovy; urgency=medium
* src/whoopsie.c: Do not upload AlsaInfo as it is redundant now that PaInfo
is collected.
-- Brian Murray <email address hidden> Mon, 21 Sep 2020 10:07:53 -0700
-
whoopsie (0.2.71) groovy; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560)
- lib/bson/*: updated to latest upstream release.
- CVE-2020-12135
* SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982)
- src/whoopsie.c, src/tests/test_parse_report.c: properly handle
GHashTable.
- CVE-2020-11937
* SECURITY UPDATE: DoS via large data length (LP: #1882180)
- src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit
the size of a report file.
- CVE-2020-15570
-- Brian Murray <email address hidden> Wed, 05 Aug 2020 15:00:45 -0700
-
whoopsie (0.2.69) focal; urgency=medium
* SECURITY REGRESSION: segfault when sending crash report (LP: #1850608)
- use uint32_t instead of size_t and INT32_MAX instead of INT_MAX
as bson expects variable sizes to be 32 bits long.
-- Tiago Stürmer Daitx <email address hidden> Mon, 04 Nov 2019 23:33:08 +0000
