An out-of-bounds heap write vulnerability was found in date. Maliciously crafted TZ variable could be used to run arbitrary code as the user running date.
Name: Pádraig Brady
As the fix is already pushed to public git repositories, could the embargo be canceled and the corresponding bugs made public?
Thanks in advance!
This really is a gnulib issue, and gnulib is embedded in coreutils.