Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 552652 - =media-sound/umurmur-0.2.16: DoS with shm use flag
Summary: =media-sound/umurmur-0.2.16: DoS with shm use flag
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-06-20 15:36 UTC by Daniel M. Weeks
Modified: 2015-07-01 11:16 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel M. Weeks 2015-06-20 15:36:51 UTC 
Version 0.2.16 has a straightforward DoS vulnerability when compiled with shared memory support. The vulnerability is fixed in 0.2.16a. No other versions are affected.

Reproducible: Always
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2015-06-20 16:42:34 UTC 
+*umurmur-0.2.16a (20 Jun 2015)
+
+  20 Jun 2015; Lars Wendler <polynomial-c@gentoo.org> -umurmur-0.2.14.ebuild,
+  -umurmur-0.2.15.ebuild, +umurmur-0.2.16a.ebuild:
+  Security bump (bug #552652). Removed old.
+

Arches please test and mark stable =media-sound/umurmur-0.2.16a with target KEYWORDS:

amd64 ~arm x86
Comment 2 Agostino Sarubbo gentoo-dev 2015-06-21 13:21:44 UTC 
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2015-06-26 08:06:02 UTC 
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 4 Sergey Popov gentoo-dev 2015-07-01 09:41:46 UTC 
Thanks for your work, guys. Cleanup is done

GLSA vote: no
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2015-07-01 11:16:36 UTC 
Arches and Maintainer(s), Thank you for your work.

GLSA Vote: No
Thank you all. Closing as noglsa.