A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6, allowing an attacker to write arbitrarily to the stack and possibly achieve remote code execution. editorconfig-core-c v0.12.6 resolves this vulnerability by bounds-checking all write operations on the p_pcre buffer.
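The fix described above (every write into the pattern buffer is bounds-checked) can be illustrated with the following added example. It is not editorconfig-core-c's code: the buffer size, the `pcre_buf` type, the `pcre_buf_append` helper and the tiny glob subset handled by `glob_to_pcre` are all assumptions made for the example.

```c
#include <stdbool.h>
#include <string.h>

/* Fixed-size output buffer modelled on the p_pcre buffer named in the
 * report; the size is an assumption for this example. */
#define PCRE_BUF_LEN 64

typedef struct {
    char   buf[PCRE_BUF_LEN];
    size_t len;        /* bytes written so far, excluding the terminator */
    bool   overflowed; /* set once any write would not have fit */
} pcre_buf;

/* Every write goes through this helper, so no caller can run past the end
 * of buf: if n bytes do not fit (leaving room for '\0') the append is
 * refused and the buffer is marked as overflowed. */
static bool pcre_buf_append(pcre_buf *b, const char *s, size_t n)
{
    if (b->overflowed || n > PCRE_BUF_LEN - 1 - b->len) {
        b->overflowed = true;
        return false;
    }
    memcpy(b->buf + b->len, s, n);
    b->len += n;
    b->buf[b->len] = '\0';
    return true;
}

/* Translate a tiny glob subset ('*', '?', literal chars) into a PCRE
 * pattern. A simplified stand-in for ec_glob's translation, not the
 * project's code. Returns false when the pattern would not fit, so the
 * caller can reject the input instead of corrupting the stack. */
bool glob_to_pcre(const char *glob, pcre_buf *out)
{
    memset(out, 0, sizeof *out);
    if (!pcre_buf_append(out, "^", 1)) return false;
    for (; *glob; glob++) {
        bool ok;
        switch (*glob) {
        case '*': ok = pcre_buf_append(out, "[^/]*", 5); break;
        case '?': ok = pcre_buf_append(out, "[^/]", 4); break;
        case '.': case '[': case ']': case '(': case ')': case '+':
        case '^': case '$': case '{': case '}': case '|': case '\\':
            ok = pcre_buf_append(out, "\\", 1) && pcre_buf_append(out, glob, 1);
            break;
        default:  ok = pcre_buf_append(out, glob, 1); break;
        }
        if (!ok) return false;
    }
    return pcre_buf_append(out, "$", 1);
}
```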
Created editorconfig tracking bugs for this issue:
Affects: epel-all [bug 2193153]
Affects: fedora-all [bug 2193154]
Kalev, I don’t see any reason not to simply build 0.12.6 for all releases. Do you?
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.