Bug 607380 - <app-misc/pax-utils-1.2.1: two out of bounds read
Summary: <app-misc/pax-utils-1.2.1: two out of bounds read
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Auditing
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security Audit Team
Depends on: 646606
Reported: 2017-01-27 08:56 UTC by Agostino Sarubbo
Modified: 2018-06-08 19:02 UTC
Description Agostino Sarubbo gentoo-dev 2017-01-27 08:56:45 UTC
I discovered 2 out-of-bounds read issues, which were reported privately to vapier.

He fixed them in this commit:
https://github.com/gentoo/pax-utils/commit/95e5489534ac9e9324c5096286899b688e19ae00

My tests were based on 1.2.0, but our current stable is affected.
May we stabilize 1.2.2?

Thanks.
Comment 1 Doug Goldstein (RETIRED) gentoo-dev 2018-02-04 18:59:19 UTC
So this has hung out for a while. Let's stabilize.
Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev 2018-02-04 20:02:53 UTC
This component has no 'Package List' field, the bug has no KEYWORDREQ tag. It has quite low visibility for arch teams.
Comment 3 Doug Goldstein (RETIRED) gentoo-dev 2018-02-04 20:33:12 UTC
I made a new bug. Feel free to comment there.
Comment 4 Doug Goldstein (RETIRED) gentoo-dev 2018-02-04 20:35:40 UTC
Once https://bugs.gentoo.org/646606 is done we need to delete all old versions from the tree.