Summary: | <dev-util/global-6.6.4: gozilla.c in GNU GLOBAL before 6.6.1 does not validate strings (CVE-2017-17531) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Matthias Dahl <ua_gentoo_bugzilla> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | arfrever.fta, jstein, naota |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://lists.gnu.org/archive/html/info-global/2017-12/msg00001.html | ||
Whiteboard: | C2 [glsa+ cve] | ||
Package list: | dev-util/global-6.6.4 | ||
Runtime testing required: | --- |
Bug Depends on: | 701376 | ||
Bug Blocks: |
Description
Matthias Dahl
2018-02-01 19:26:56 UTC
v6.6.2 was released on 9 Feb 2018: http://lists.gnu.org/archive/html/info-global/2018-02/msg00000.html

Considering how long v6.6.x has been out and that this is a security issue, it would be nice to get this version bumped in the tree asap.

@security, as there is no fixed version available in tree; changing summary and setting perceived Whiteboard based off vulnerability description.

Gentoo Security Jmbailey/mbailey_j

@maintainer(s), please create an appropriate ebuild, and call for stabilisation when ready.

(In reply to sam_c (Security Padawan) from comment #3)
> @maintainer(s), please create an appropriate ebuild, and call for
> stabilisation when ready.

sorry, I meant: @maintainer(s), please advise if you are ready for stabilisation or call for stabilisation yourself.

Been in tree long enough. Will stable unless any objections.

ppc stable

amd64 stable

x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

GLSA vote: no

This issue was resolved and addressed in GLSA 202008-02 at https://security.gentoo.org/glsa/202008-02 by GLSA coordinator Sam James (sam_c).

Reopening for cleanup.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76c1cf9aa7fd7da4311612199fd09ed9caff0290

commit 76c1cf9aa7fd7da4311612199fd09ed9caff0290
Author: Sam James <sam@gentoo.org>
AuthorDate: 2020-09-09 16:01:36 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2020-09-09 16:01:36 +0000

dev-util/global: security cleanup

Bug: https://bugs.gentoo.org/646348
Package-Manager: Portage-3.0.4, Repoman-3.0.1
Signed-off-by: Sam James <sam@gentoo.org>

 dev-util/global/Manifest | 2 -
 dev-util/global/global-6.3.1.ebuild | 81 -------------------------------
 dev-util/global/global-6.5.7.ebuild | 96 -------------------------------------
 3 files changed, 179 deletions(-)