645208 – <=sys-auth/fprintd-0.5.1 potentially contains solved security bugs solved by upstream

Bug 645208 - <=sys-auth/fprintd-0.5.1 potentially contains solved security bugs solved by upstream

Summary: <=sys-auth/fprintd-0.5.1 potentially contains solved security bugs solved by ...

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://cgit.freedesktop.org/libfprin...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2018-01-21 06:58 UTC by Tim Mohlmann
Modified:	2018-02-21 23:53 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Mohlmann 2018-01-21 06:58:58 UTC

In upstream changelog, a number of security bugs are solved after 0.5.1 release. I'm not sure the impact, it was just something I noticed. Attached the link to upstream change log. Below the concerned commits:

pam: Fix eventfd leak:
https://cgit.freedesktop.org/libfprint/fprintd/commit/?id=7e4630ced2be4b7ecdfb9d60cfe0e0d3de594411

main: Plug tiny memory leak:
https://cgit.freedesktop.org/libfprint/fprintd/commit/?id=8fa3dcd5cd6f4841ae5e9789dde5c9daf302dd51

data: Stop privilege escalations in daemon:
https://cgit.freedesktop.org/libfprint/fprintd/commit/?id=6494efa94e5bb27f235ed758bba971c2d609ea2f

Latest stable version in tree: 0.5.0, released by upstream 2013-03-05
Latest available version upstream: 0.8.0, released 2017-09-13

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2018-02-21 23:53:16 UTC

No reported issues are vulnerabilities. Feel free to file a normal stabilization request.