CVE-2020-35450

NameCVE-2020-35450
DescriptionGobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs978446

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gobby (PTS)bookworm, bullseye0.6.0-1fixed
sid, trixie0.6.0-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gobbysource(unstable)0.6.0~20201227~b98f4d2-1978446

Notes

[buster] - gobby <no-dsa> (Minor issue)
[stretch] - gobby <no-dsa> (Minor issue)
https://github.com/gobby/gobby/issues/183
https://github.com/gobby/gobby/pull/184
https://github.com/gobby/gobby/commit/6f34307bff645eb2935d82deee0119ec89866118
Search for package or bug name: Reporting problems