[ubuntu/lunar-security] fastdds 2.9.1+ds-1ubuntu0.1 (Accepted)

Allen Huang allen.huang at canonical.com
Thu Aug 24 17:38:28 UTC 2023


fastdds (2.9.1+ds-1ubuntu0.1) lunar-security; urgency=medium

  * SECURITY UPDATE: assertion failures and unhandled exceptions
    - debian/patches/CVE-2023-39534.patch: improves handling of sequence
      numbers on data sharing readers, and avoids the possibility of an
      assertion when processing an automatically generated Gap message
      with a wrong bitmap base.
    - CVE-2023-39534

  * SECURITY UPDATE: unhandled exceptions
    - debian/patches/CVE-2023-39945_48.patch: captures all possible
      exceptions from Fast CDR in the places where Fast DDS is using it
      for (de)serialization.
    - CVE-2023-39945

  * SECURITY UPDATE: heap overflows
    - debian/patches/CVE-2023-39946_47.patch: fixes out-of-bounds
      access during deserialization of PID_PROPERTY_LIST.
    - CVE-2023-39946

  * SECURITY UPDATE: heap overflows
    - debian/patches/CVE-2023-39946_47.patch: fixes out-of-bounds
      access during deserialization of PID_PROPERTY_LIST.
    - CVE-2023-39947

  * SECURITY UPDATE: unhandled exceptions
    - debian/patches/CVE-2023-39945_48.patch: captures all possible
      exceptions from Fast CDR in the places where Fast DDS is using it
      for (de)serialization.
    - CVE-2023-39948

  * SECURITY UPDATE: unchecked properties
    - debian/patches/CVE-2023-39949.patch: adds a check for `firstSN`.
    - CVE-2023-39949

Date: 2023-08-24 13:49:08.948102+00:00
Changed-By: Allen Huang <allen.huang at canonical.com>
https://launchpad.net/ubuntu/+source/fastdds/2.9.1+ds-1ubuntu0.1