AVG-18 - log back

AVG-18 created at 25 Sep 2019 19:31:50
Packages
+ crypto++
Issues
+ CVE-2016-7420
Status
+ Fixed
Severity
+ Medium
Affected
+ 5.6.4-2
Fixed
+ 5.6.5-1
Ticket
+ 51331
Advisory qualified
+ Yes
References
+ https://github.com/weidai11/cryptopp/issues/277
+ http://www.openwall.com/lists/oss-security/2016/09/15/12
Notes
+ 5.6.4-2: Apparently we weren't vulnerable in the first place, but this commit made us vulnerable two days after the disclosure: https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/crypto%2b%2b&id=fc4dd81f39589eeb5bdb927587c0fbd2b41d47df
+
+ 5.6.5-1: Fixed in 5.6.5 because they replaced assert() with CRYPTOPP_ASSERT(), which is not enabled by default even if -DNDEBUG is not set.