user/ctags: multiple vulnerabilities
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-04-23 12:27:09 -0500 |
| Modified | 2020-06-22 06:11:36 -0500 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
We currently ship 5.8, which is missing at least this fix for a format string vulnerability as described in [1, 2]:
There seem to be even more commits after this one in trunk on SF as late as 2014. It seems the following distros only have the commits since 2011-03-10, however:
Fedora made me aware of CVE-2014-7204:
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a
denial of service (infinite loop and CPU and disk consumption) via a
Nix is building off the latest SVN trunk.
openSUSE has a hodgepodge of patches.
Alpine switched to Universal ctags and dropped Exuberant ctags entirely.