Opened 12 months ago

Last modified 12 months ago

#6816 new defect

[debian] premake5 needs to be updated (mbedtls)

Reported by: fabio
Owned by:
Priority: Should Have
Milestone: Alpha 27
Component: Build & Packages
Keywords:
Cc:
Patch:

Description

From debian bug 1036970:

The project mbedtls, which is used in 0ad (source:ps/trunk/build/premake/premake5/contrib/mbedtls), contains vulnerabilities (CVE-2019-16910, CVE-2017-14032).

The vulnerabilities are fixed in a newer version of mbedtls, but in the 0ad project the old version is used.

Change History (2)

comment:1 by Stan, 12 months ago

I'm not sure this is needed for now, as it's in our bundled premake5, so if something goes wrong during the build, maybe they are better off bundling and packaging Premake for the distribution?

comment:2 by Ralph Sennhauser, 12 months ago

Summary: [debian] mbedtls needs to be updated → [debian] premake5 needs to be updated (mbedtls)

Doesn't look like Debian has packaged premake5 yet, only premake4.

That said, premake5 is a build-only dep and the embedded mbedtls won't end up in 0ad at all. So there is no real need to do anything for A27. Definitely for A28 though.

That said, s0600204 wanted to update the bundled premake5 for system mozjs support, so this is yet another reason.
