CVE-2017-15368 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15368): The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect r_hex_bin2str call. References: https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515 https://github.com/radare/radare2/issues/8673 @Maintainer(s): The fixed ebuild is in the tree, please clean the vulnerable ebuild from the tree.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=948ac4ceef675ff449cec40f4fe6025c75453cb8 commit 948ac4ceef675ff449cec40f4fe6025c75453cb8 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2017-10-16 16:22:42 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2017-10-16 16:23:43 +0000 dev-util/radare2: drop old ebuilds, bug #634460 Bug: https://bugs.gentoo.org/634460 Package-Manager: Portage-2.3.11, Repoman-2.3.3 dev-util/radare2/Manifest | 6 --- .../files/radare2-1.1.0-openssl-1.1.0c.patch | 31 ------------- dev-util/radare2/radare2-1.1.0.ebuild | 42 ----------------- dev-util/radare2/radare2-1.2.0.ebuild | 43 ------------------ dev-util/radare2/radare2-1.3.0.ebuild | 43 ------------------ dev-util/radare2/radare2-1.4.0-r1.ebuild | 45 ------------------ dev-util/radare2/radare2-1.4.0.ebuild | 45 ------------------ dev-util/radare2/radare2-1.6.0.ebuild | 45 ------------------ dev-util/radare2/radare2-2.0.0.ebuild | 53 ---------------------- 9 files changed, 353 deletions(-)}
Thank you all.