Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix cve into assimp #1258

Open
wants to merge 1 commit into
base: rolling
Choose a base branch
from
Open

Fix cve into assimp #1258

wants to merge 1 commit into from

Conversation

mosfet80
Copy link
Contributor

Updated assimp .. is need to fix cve https://ubuntu.com/security/CVE-2024-40724

@mosfet80
Fix cve into assimp
12e0350 
Updated assimp .. is need to fix cve https://ubuntu.com/security/CVE-2024-40724

Signed-off-by: mosfet80 <[email protected]>
@mosfet80 mosfet80 requested a review from ahcorde as a code owner August 15, 2024 18:35
@MichaelOrlov
Copy link

@clalancette A friendly ping to follow up on this issue.

ahcorde
ahcorde requested changes Aug 23, 2024
View reviewed changes
Copy link
Contributor

@ahcorde ahcorde left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should stick with the Ubuntu Noble version https://blueprints.launchpad.net/ubuntu/noble/+source/assimp which is 5.3.1

@mosfet80
Copy link
Contributor Author

the vulnerability has already been reported on the ubuntu site. https://bugs.launchpad.net/ubuntu/+source/assimp
..But ..the bug is being analyzed.

Since this is a security issue, we recommend using the secure version. The version also fixes issues when importing large CAD files.

@clalancette
Copy link
Contributor

We should stick with the Ubuntu Noble version https://blueprints.launchpad.net/ubuntu/noble/+source/assimp which is 5.3.1

In this particular case, because it is a CVE, I think we should consider updating it.

That said, the last time we did an update like this we caused a bunch of regressions, so I want to take a closer look before we change anything here.

@clalancette clalancette self-assigned this Aug 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ahcorde ahcorde ahcorde requested changes

Assignees

@clalancette clalancette

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mosfet80 @MichaelOrlov @clalancette @ahcorde