---

AVG-18 - log back

AVG-18 created at 25 Sep 2019 19:31:50
Packages	+ crypto++
Issues	+ CVE-2016-7420
Status	+ Fixed
Severity	+ Medium
Affected	+ 5.6.4-2
Fixed	+ 5.6.5-1
Ticket	+ 51331
Advisory qualified	+ Yes
References	+ https://github.com/weidai11/cryptopp/issues/277 + http://www.openwall.com/lists/oss-security/2016/09/15/12
Notes	+ 5.6.4-2: Apparently we weren't vulnerable in the first place, but this commit made us vulnerable two days after the disclosure: https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/crypto%2b%2b&id=fc4dd81f39589eeb5bdb927587c0fbd2b41d47df + + 5.6.5-1: Fixed in 5.6.5 because they replaced assert() with CRYPTOPP_ASSERT(), which is not enabled by default even if -DNDEBUG is not set.