<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/63209>63209</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Request fixes for CVE-2023-29933 issue in 16.x release
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          blzheng
      </td>
    </tr>
</table>

<pre>
    Hi, 

We found a CVE issue (CVE-2023-29933) in 16.0.5, but it is fixed in main branch. **Could you please backport the fixes to [16.x release branch](https://github.com/llvm/llvm-project/tree/release/16.x)**? 


BTW, may I know when the next 16.x version (include the fix for CVE-2023-29933) will be released?

<html xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882"
xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta name=ProgId content=OneNote.File>
<meta name=Generator content="Microsoft OneNote 15">
</head>

<body lang=en-US style='font-family:Calibri;font-size:11.0pt'>
<!--StartFragment-->

<div style='direction:ltr'>



CVE | Description | Status | Comments
-- | -- | -- | --
CVE-2023-29933 | LLVM Project   Vulnerable to Denial-of-Service (DoS) via Segmentation Fault caused by   Crafted File supplied along with '--one-shot-bufferize' Option | Fixed in main branch https://github.com/llvm/llvm-project/commit/ae8cb6437294ca99ba203607c0dd522db4dbf6b6 | Need to backport   to release branch




</div>

<!--EndFragment-->
</body>

</html>

</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJyUVUtzozoT_TXypksuIWEwCy8cHL5vquZVydzMWqDG6I6QfCURJ_Prbwnn5Th3MRvAkvv06dMvGYLeW8QNWV2R1W4hpzg4v2nN7wHtftE69bj5vya8BsJ2hG1Pz58IvZusAgn13TXoECYEwtf13TXljAvKq0oIwivQFrJiyZarBNFOEXQEHaDXD6jS5Si1hdZL2w1LIHxL-LZ2k1Hw6CY4GJQBoZXdr4PzEeKAs2WA6ICsrrJi-QAen_41g5DVjvD1EOMhELElvCG82es4TO2ycyPhjTH3zy968O5v7CLhTfSIhDdPWIQ3CZrw6sSIiOYs_NPz6sfPFNQoH-ET_LLuCMcB7UzS4kOEmd09-qCdTeJo25lJ4XMU0DsPl4IdtTHQ4nNYiojmzLWohzgaeBiNTRE6InaE88lbIrahG3CUgY668y64PtIUs9i6vtcdvn5wfgJ7BlHxCWXSiohtzZs8YxmjxepK0CxTGd3yqqGMbbeM1Vm-XvP3GMk8qf4i-vF4XB7F0vk94c2PG8Kbm-uaJu45S8bi-n1YKNXl6YhRgpUjErH77t3-k4LO2Yg2Uf5m8auLuGy0wVfTc6P_oUUvo_Nv7AjnX54lgicQyFZntERNePMxp9QUYKTdE7FDS_-6hRAfE4Md4WXvbKS9HLV5TFJKo1uvibiaz4P-ndKQZUt2iISX5-4ySm-j9LHxcj-ijZRe-lb6_q03pT12UbuUfRP9GeTFM7UqKWvYYei8PsS5LssabqOMU5g_azcmz-FkQOl8-P71gvamdOerz5_vvsD3U1MBwN1kkvatwdSvO7RaGup6eov-XnfzwNi521T091rCLc5By5lWIycToZNTQAXtIwDUXvYRFaRcQ5gOB6NRgTTO7uGo4wCEl5Q6izQMLtJ26nv0SW5ewrfXWJsPBg_88bjo3Djq9CFx3bVFLkpe5Z2sqlZyJgpWdkypFeeqzVXbF20x-_6KqJISL_MM0q938-s_cve2KpW-vyyMuXyurfqoeGarVLUfmTWpJ18uFmojVCUqucBNVqwLXpVFXi6GjRRtJzIlurLsszLnIld9363avGRMYt4t9CZVAytYxdaM5eWyz1YlbyXvVbauuiwnOcNRarNMYqbBsJj3xqYQnFULI1s0YV5DnFs8npZKasnVbuE3cwLaaR9IzowOMbyiRB0Nbm7wnwlDfNoPl7P1aUmd9tHL1lhM3mz-OP0zVCC8man_GwAA__9z0ijy">