[Pkg-javascript-devel] Bug#977736: iotjs: CVE-2020-29657 : False positive ?
Philippe Coval
rzr at users.sf.net
Thu Jan 7 21:58:03 GMT 2021
Package: iotjs
Followup-For: Bug #977736
Dear Maintainer,
As iotjs's Debian maintainer,
I have forwarded this issue to the upstream tracker:
https://github.com/jerryscript-project/iotjs/issues/1955
But it looks like the "main_print_unhandled_exception" function is in
the jerryscript CLI program, not in the library that iotjs links with.
It can be easily verified using:
    readelf -Wsa /usr/bin/iotjs | grep print_
    610: 0000000000020030 1 FUNC GLOBAL DEFAULT 14 print_stacktrace
    776: 000000000006afa0 16 FUNC GLOBAL DEFAULT 14 jerry_port_print_char
So I think this scanner is a false positive.
I don't know if upstream iotjs plans to jerryscript soon
and IMHO, it is not worth backporting the related patch
because it won't be compiled.
Regards
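
The symbol check described in the message above, as an added example that is not part of the original e-mail or of the iotjs/jerryscript projects: it matches the exact function name in `readelf -Ws` output and ignores undefined (imported) symbols, which a plain `grep` does not distinguish. The helper names `defines_func` and `check` are hypothetical, and the sample is the two lines quoted in the message plus one constructed `UND` entry.

```shell
#!/bin/sh
# Added example: decide from `readelf -Ws` output (on stdin) whether a
# binary itself defines a given function.
# Columns: Num: Value Size Type Bind Vis Ndx Name

# defines_func NAME: exit 0 if stdin lists NAME as a defined FUNC symbol.
defines_func() {
    awk -v want="$1" '
        $4 == "FUNC" && $7 != "UND" {   # skip imports resolved elsewhere
            name = $8
            sub(/@.*/, "", name)        # drop version suffix (name@VER)
            if (name == want) found = 1 # exact match, not a substring
        }
        END { exit !found }
    '
}

# Constructed sample: the two lines quoted in the message, plus one
# constructed undefined import to exercise the UND case.
SAMPLE='   610: 0000000000020030     1 FUNC    GLOBAL DEFAULT   14 print_stacktrace
   776: 000000000006afa0    16 FUNC    GLOBAL DEFAULT   14 jerry_port_print_char
   901: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND printf@GLIBC_2.2.5'

# check NAME: print a verdict for NAME against $SAMPLE.
check() {
    if printf '%s\n' "$SAMPLE" | defines_func "$1"; then
        echo "$1: defined in binary"
    else
        echo "$1: not defined in binary"
    fi
}

check main_print_unhandled_exception
check jerry_port_print_char
check printf
```

Against a real binary, pipe `readelf -Ws /usr/bin/iotjs` into `defines_func main_print_unhandled_exception`. On a stripped binary only `.dynsym` is listed, so a miss there covers exported symbols only.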