ostroproject/ostro-os

flex vulnerability CVE-2016-6354

ipuustin opened this issue 8 years ago · 1 comments

ipuustin commented 8 years ago

Certain code generated by flex has a heap buffer overflow. Base CVSS severity 9.8 (critical). Ostro OS severity not yet analyzed.

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6354

jku commented 8 years ago

Patch in review:
http://lists.openembedded.org/pipermail/openembedded-core/2016-October/127423.html