622916 – <sci-libs/proj-5.2.0: Stack-buffer-overflow in pj_open_lib_ex

Bug 622916 - <sci-libs/proj-5.2.0: Stack-buffer-overflow in pj_open_lib_ex

Summary: <sci-libs/proj-5.2.0: Stack-buffer-overflow in pj_open_lib_ex

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://bugs.chromium.org/p/oss-fuzz/...
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:	706146
Blocks:
	Show dependency tree

Reported:	2017-06-28 13:14 UTC by Agostino Sarubbo
Modified:	2020-05-04 02:34 UTC (History)
CC List:	1 user (show)

See Also:	https://github.com/gentoo/gentoo/pull/11147
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2017-06-28 13:14:08 UTC

OSS-Fuzz is a Continuous Fuzzing for Open Source Software. See $URL for more details about the issue.
Commit fix: https://github.com/OSGeo/proj.4/commit/52d5ea847b5ea712ba9f975f2c1aafe9f1798ff5



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Comment 1 Aaron Bauman (RETIRED) gentoo-dev

2018-11-27 22:49:48 UTC

This is fixed upstream in >=5.0.0

@maintainers, please bump

Comment 2 Larry the Git Cow gentoo-dev

2019-10-20 14:20:54 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef3671c9c323f297bfb4477c4e8462d2bda01902

commit ef3671c9c323f297bfb4477c4e8462d2bda01902
Author:     Chris Mayo <aklhfex@gmail.com>
AuthorDate: 2019-03-19 19:58:43 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2019-10-20 14:19:31 +0000

    sci-libs/proj: version bump to 5.2.0
    
    Drop Java support:
    
    - Requires at least JDK 9 which is not available from a Gentoo supported VM
    - ebuild needs changing to use ant
    
    Bug: https://bugs.gentoo.org/622916
    Bug: https://bugs.gentoo.org/623164
    Bug: https://bugs.gentoo.org/623640
    Signed-off-by: Chris Mayo <aklhfex@gmail.com>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11
    Closes: https://github.com/gentoo/gentoo/pull/11147
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 sci-libs/proj/Manifest          |  2 ++
 sci-libs/proj/proj-5.2.0.ebuild | 43 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)

Comment 3 NATTkA bot gentoo-dev

2020-04-11 06:24:08 UTC

Unable to check for sanity:

> no match for package: dev-python/ijson-2.4

Comment 4 NATTkA bot gentoo-dev

2020-04-12 18:54:18 UTC

All sanity-check issues have been resolved

Comment 5 NATTkA bot gentoo-dev

2020-04-12 19:31:41 UTC

Resetting sanity check; package list is empty or all packages are done.

Comment 6 Larry the Git Cow gentoo-dev

2020-04-13 18:46:32 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc87dc45e773817d5c6865bef567ed5cfdb9d5fd

commit cc87dc45e773817d5c6865bef567ed5cfdb9d5fd
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-04-13 17:02:34 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-04-13 18:46:18 +0000

    sci-libs/proj: Security cleanup (drop 4.9.2 and 5.2.0)
    
    Bug: https://bugs.gentoo.org/622916
    Bug: https://bugs.gentoo.org/623164
    Bug: https://bugs.gentoo.org/623640
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 sci-libs/proj/Manifest          |  4 ---
 sci-libs/proj/proj-4.9.2.ebuild | 54 -----------------------------------------
 sci-libs/proj/proj-5.2.0.ebuild | 43 --------------------------------
 3 files changed, 101 deletions(-)

Comment 7 Andreas Sturmlechner gentoo-dev

2020-04-13 18:48:03 UTC

Cleanup done.