From ${URL} : Attached is a zip file of reported TDS streams that cause segmentation faults in the FreeTDS library. The ‘tsql’ binary was used for the fuzzing, so these most likely only affect client-side functionality. These have been resolved on master and the 1.0 branch. Also included in the zip file is a bucket.txt, a crashwalk db dump detailing the crashes for the files in the zip file. You can find the bucket.txt itself in the following Github gist as well. No CVE’s have been requested. https://gist.github.com/brandonprry/bfb0e58682d464e2d2d319644790bdf5 <https://gist.github.com/brandonprry/bfb0e58682d464e2d2d319644790bdf5> To test, you can compile FreeTDS, then use preeny to redirect network IO to stdin/stdout. export LD_PRELOAD=~/preeny/x86_64-linux-gnu/desock.so unzip freetds_crashed.zip cd rpt for i in id*; do valgrind ~/freetds/build/src/apps/tsql -S 127.0.0.1 -U fdsa -P fdsa -I ~/tdsconfig < $i; done A simple tdsconfig file can be used to speed things up a bit. [global] timeout = 1 connect timeout = 1 Many thanks to Frediano Ziglio, the maintainer of FreeTDS, for quick communication and bug fix turn arounds. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
$URL says > These have been resolved on master and the 1.0 branch. We have dev-db/freetds-1.00.41 in tree, so let's start stabilization! @ Arches, please test and mark stable: =dev-db/freetds-1.00.41
arm stable
amd64 stable
x86 stable
sparc stable
ia64 stable
ppc64 stable
Stable on alpha.
ppc stable
Arches, please finish stabilizing hppa Gentoo Security Padawan ChrisADR
hppa stable
GLSA Vote: No
