Debian 10260 Published by

A musl security update has been released for Debian GNU/Linux 8 Extended LTS to address multiple bugs in handling of destination buffer size.



ELA-324-1 musl security update

Package musl
Version 1.1.5-2+deb8u2
Related CVEs CVE-2020-28928

The wcsnrtombs function in all musl libc versions up through 1.2.1 has been found to have multiple bugs in handling of destination buffer size when limiting the input character count, which can lead to infinite loop with no forward progress (no overflow) or writing past the end of the destination buffers.

For Debian 8 jessie, these problems have been fixed in version 1.1.5-2+deb8u2.

We recommend that you upgrade your musl packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-324-1 musl security update