Marked for autoremoval on 03 June due to libm4ri: #1099530high
Version 1.1.2-2 of cvc5 is marked for autoremoval from testing on Tue 03 Jun 2025. It depends (transitively) on libm4ri, affected by #1099530. You should try to prevent the removal by fixing these RC bugs.
CVE-2024-37794:
Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file.
CVE-2024-37795:
A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT-LIB input file containing the `set-logic` command with specific formatting errors.
CVE-2024-37794:
Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file.
CVE-2024-37795:
A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT-LIB input file containing the `set-logic` command with specific formatting errors.
Among the 6 debian patches
available in version 1.1.2-2 of the package,
we noticed the following issues:
6 patches
where the metadata indicates that the patch has not yet been forwarded
upstream. You should either forward the patch upstream or update the
metadata to document its real status.
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.7.2 instead of
4.6.2).
CVE-2024-37794:
Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file.
CVE-2024-37795:
A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT-LIB input file containing the `set-logic` command with specific formatting errors.