[ROOT-10370] Builtin CFITSIO has several security vulnerabilities - SFTJIRA

XML

Word

Printable

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: High
Resolution: Fixed
Affects Version/s: 6.18/04
Fix Version/s: 6.20/00
Component/s: Build System
Labels:
None
Environment:

Any

Development:

MERGED

Description

ROOT uses CFITSIO 3.28 as its builtin version. This version is affected by several security vulnerabilities and needs to be updated to version 3.45 or above. See links below for reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-3846
https://nvd.nist.gov/vuln/detail/CVE-2018-3847
https://nvd.nist.gov/vuln/detail/CVE-2018-3848
https://nvd.nist.gov/vuln/detail/CVE-2018-3849
https://nvd.nist.gov/vuln/detail/CVE-2019-1010060
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0529
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0531

Attachments

Activity

People

Assignee:

Oksana Shadura

Reporter:

Guilherme Amadio

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

22/Oct/19 10:06 AM

Updated:

23/Oct/19 4:38 PM

Resolved:

23/Oct/19 4:38 PM