Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 553692 (CVE-2014-9488) - <sys-apps/less-478: Out of bounds read (CVE-2014-9488)
Summary: <sys-apps/less-478: Out of bounds read (CVE-2014-9488)
Status: RESOLVED FIXED
Alias: CVE-2014-9488
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A4 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-07-01 00:08 UTC by GLSAMaker/CVETool Bot
Modified: 2015-08-10 23:03 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2015-07-01 00:08:30 UTC 
CVE-2014-9488 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9488):
  The is_utf8_well_formed function in GNU less before 475 allows remote
  attackers to have unspecified impact via malformed UTF-8 characters, which
  triggers an out-of-bounds read.


Maintainers, please advise if one of the versions > 475 are ready for stabilization.
Comment 1 SpanKY gentoo-dev 2015-07-06 08:19:29 UTC 
stabilizing less-478 should be fine
Comment 2 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-07-06 15:18:39 UTC 
Please test and mark stable:

=sys-apps/less-478

target KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-07-06 16:07:00 UTC 
amd64 stable
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2015-07-07 04:21:02 UTC 
Stable for HPPA PPC64.
Comment 5 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-07-09 17:06:03 UTC 
arm stable
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2015-07-14 18:40:04 UTC 
Stable on alpha.
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-07-15 16:18:50 UTC 
x86 stable
Comment 8 Agostino Sarubbo gentoo-dev 2015-07-23 09:03:11 UTC 
ppc stable
Comment 9 Agostino Sarubbo gentoo-dev 2015-07-23 09:39:25 UTC 
sparc stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 10 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-07-29 18:04:22 UTC 
GLSA vote: no
Comment 11 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-07-30 07:44:18 UTC 
GLSA Vote: No
Comment 12 Chris Reffett (RETIRED) gentoo-dev Security 2015-08-10 22:36:40 UTC 
Cleanup done. Closing.