| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| cassert.patch | Add missing "#include <cassert>" | Steffen Mller | no | 2020-09-06 | ||
| noTwine.patch | Prevent execution of upstream Makefile in python_bindings dir | Steffen Mller | no | 2020-09-06 | ||
| use-shared-while-linking.patch | Enable "-shared" while linking | Nilesh Patra <npatra974@gmail.com> | no | |||
| do-not-use-native-flags.patch | Disable -march=native which is a baseline violation | Nilesh Patra <npatra974@gmail.com> | no | debian | 2020-11-11 | |
| cve-2023-37365.patch | hnswalg.h: cap M to 10000 (CVE-2023-37365) This patch works around issue nmslib#467, also referenced as CVE-2023-37365, by implementing Yury Malkov's suggestion about capping the M value, coding the maximum number of outgoing connections in the graph, to a reasonable enough value of the order of 10000. For the record, the documentation indicates reasonable values for M range from 2 to 100, which are well within the cap; see ALGO_PARAMS.md. . The reproducer shown in issue nmslib#467 doesn't trigger the double free condition anymore after this change is applied, but completes successfully, although with the below warning popping up on purpose: . warning: M parameter exceeds 10000 which may lead to adverse effects. Cap to 10000 will be applied for the rest of the processing. |
tienne Mollier <emollier@debian.org> | yes | debian upstream | 2023-07-19 |