← Back to team overview

kicad-developers team mailing list archive

Re: CVE-2022-23803, CVE-2022-23804, CVE-2022-23946, CVE-2022-23947


On 2/16/22 01:52 PM, jp charras wrote:

Le 16/02/2022 à 19:38, Steven A. Falco a écrit :
I found "Fix overflow vulnerability in Gerbview" and possibly "Fix relative return with nullptr condition".  Are there other patches in the series, or are those two the only ones that are needed?

I tried grepping the log for CVE, but didn't find much...


3 fixes are needed. This one is needed:

"Fix float scaling to use single fn"

I tried applying the patches to 5.1.12 but ran into rejects that I didn't feel comfortable to rework.

I'm asking on the Fedora list, and there is a way to request exceptions to the "Fedora major update policy".  I'll see where that leads.  Given that KiCad is planning to do annual major updates, I suspect this problem will keep coming up, so if I can get an exception to the policy, that would be best.