Summary: | <dev-libs/libcroco-0.6.13-r1: Stack overflow in cr_parser_parse_any_core (CVE-2020-12825) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | Flags: | nattka: sanity-check+ |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://gitlab.gnome.org/GNOME/libcroco/-/issues/8 | | |
Whiteboard: | B3 [glsa+ cve] | | |
Package list: | dev-libs/libcroco-0.6.13-r1 | | |
Runtime testing required: | --- | | |
Bug Depends on: | | | |
Bug Blocks: | 755845 | | |

Description
Sam James
2020-05-12 18:53:43 UTC
Patch: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1404/diffs?commit_id=44cbd1e718d6a08e59b9300280c340218a84e089 (thanks leio)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c5ef4bf3c0497dd26da1f97b48e3a4b2e11241e

commit 2c5ef4bf3c0497dd26da1f97b48e3a4b2e11241e
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-05-25 21:42:08 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-05-25 21:42:19 +0000

    dev-libs/libcroco: fix CVE-2020-12825

    Bug: https://bugs.gentoo.org/722752
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 .../files/libcroco-0.6.13-CVE-2020-12825.patch | 187 +++++++++++++++++++++
 dev-libs/libcroco/libcroco-0.6.13-r1.ebuild | 57 +++++++
 2 files changed, 244 insertions(+)

amd64 done

arm64 done

x86 done

arm done

ppc done

ppc64 done

hppa stable

sparc done

Please cleanup.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2530fef2b523640b7cf3d3195dde3afb23b5f9c

commit c2530fef2b523640b7cf3d3195dde3afb23b5f9c
Author: Matt Turner <mattst88@gentoo.org>
AuthorDate: 2021-05-30 19:42:54 +0000
Commit: Matt Turner <mattst88@gentoo.org>
CommitDate: 2021-05-30 19:43:29 +0000

    dev-libs/libcroco: Drop old versions

    Bug: https://bugs.gentoo.org/722752
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 dev-libs/libcroco/libcroco-0.6.13.ebuild | 55 --------------------------------
 1 file changed, 55 deletions(-)

Added to an existing GLSA request.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=2a92e2043bdf43ba9d8813b5b7aca6e24d69f047

commit 2a92e2043bdf43ba9d8813b5b7aca6e24d69f047
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-21 01:34:48 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-21 01:40:47 +0000

    [ GLSA 202208-33 ] Gnome Shell, gettext, libcroco: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/722752
    Bug: https://bugs.gentoo.org/755848
    Bug: https://bugs.gentoo.org/769998
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-33.xml | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)

GLSA released, all done!