I have found a buffer overflow in libbsd. Upstream has released 0.8.2 today to fix it. I think the affected function is rarely used, so I assume impact is relatively limited. Upstream commit with explanation: http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7 Please bump.
Added 0.8.2 which includes a fix for this. Arches please test and stablize.
Stable on alpha.
Stable for HPPA.
amd64 stable
Stable for PPC64.
arm stable
x86 stable
ppc stable
sparc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
CVE-2016-2090 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2090): libbsd 0.8.1 and earlier contains a buffer overflow in the function fgetwln(). An if checks if it is necessary to reallocate memory in the target buffer. However this check is off by one, therefore an out of bounds write happens.
GLSA opened.
@maintainers, still pending cleanup of vulnerable ebuilds. Please let us know when complete or if you are unable to at this time. Thanks.
Cleanup done.
This issue was resolved and addressed in GLSA 201607-13 at https://security.gentoo.org/glsa/201607-13 by GLSA coordinator Aaron Bauman (b-man).