Candidate: CVE-2019-16165
PublicDate: 2019-09-09 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16165
 https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00001.html
Description:
 GNU cflow through 1.6 has a use-after-free in the reference function in
 parser.c.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939915
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]


Patches_cflow:
 upstream: https://git.savannah.gnu.org/cgit/cflow.git/commit/?id=b9a7cd5e9d4efb54141dd0d11c319bb97a4600c6
upstream_cflow: released (1.7)
precise/esm_cflow: DNE
trusty_cflow: ignored (out of standard support)
trusty/esm_cflow: DNE
xenial_cflow: ignored (end of standard support, was needed)
bionic_cflow: needed
disco_cflow: ignored (reached end-of-life)
eoan_cflow: ignored (reached end-of-life)
focal_cflow: needed
groovy_cflow: ignored (reached end-of-life)
hirsute_cflow: ignored (reached end-of-life)
impish_cflow: needed
jammy_cflow: not-affected (1:1.7-2)
devel_cflow: not-affected (1:1.7-2)