Fixes to vulnerabilities result in the project issuing a new release with the fixes. We do not patch and release an updated version of a previous release. We will fix any vulnerability from any release if and only if the vulnerability still exists in the latest release.
Version | Supported |
---|---|
0.6.0 | ✅ |
0.5.0 | ✅ |
< 0.5.0 | ✅ |
One way to report is to add a Issue on the issues page for the project. Another is to email to libdwarf at linuxmail dot org
Normally we respond to a report within one day and provide fixes within a day or two. We can provide the new version of the affected source file as a diff or a copy of the fixed source file(s) when that seems appropriate.