Bug 645500 (CVE-2017-17969, CVE-2018-5996) - <app-arch/p7zip-16.02-r2: Memory corruption in ZIP and RAR unpacker
Summary: <app-arch/p7zip-16.02-r2: Memory corruption in ZIP and RAR unpacker
Status: RESOLVED FIXED
Alias: CVE-2017-17969, CVE-2018-5996
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://landave.io/2018/01/7-zip-mult...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-01-23 19:01 UTC by Hanno Böck
Modified: 2018-07-03 02:26 UTC

See Also:
Package list:
=app-arch/p7zip-16.02-r2
Runtime testing required: ---
stable-bot: sanity-check+


Description Hanno Böck gentoo-dev 2018-01-23 19:01:43 UTC
See
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/

This has been fixed in 7-zip 18.00, but p7zip hasn't been updated yet. If it doesn't get updated we may need to backport fixes.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-02-06 18:26:53 UTC
(In reply to Hanno Boeck from comment #0)
> See
> https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
> 
> This has been fixed in 7-zip 18.00, but p7zip hasn't been updated yet. If it
> doesn't get updated we may need to backport fixes.

Thanks Hanno,

@Maintainer please advise best way to proceed.
Comment 2 Larry the Git Cow gentoo-dev 2018-02-07 19:41:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b684427f2fbb85f3f5f895f7794b81d6f83a4bea

commit b684427f2fbb85f3f5f895f7794b81d6f83a4bea
Author:     Matthew Thode <prometheanfire@gentoo.org>
AuthorDate: 2018-02-07 19:40:40 +0000
Commit:     Matthew Thode <prometheanfire@gentoo.org>
CommitDate: 2018-02-07 19:41:01 +0000

    app-arch/p7zip: for CVE-2017-17969, CVE-2018-5996
    
    Bug: https://bugs.gentoo.org/645500
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 app-arch/p7zip/files/CVE-2017-17969.patch |  26 ++++
 app-arch/p7zip/files/CVE-2018-5996.patch  | 221 ++++++++++++++++++++++++++++++
 app-arch/p7zip/p7zip-16.02-r2.ebuild      | 163 ++++++++++++++++++++++
 3 files changed, 410 insertions(+)
Comment 3 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2018-02-07 19:46:01 UTC
Ya, ready for fast stable now for '=app-arch/p7zip-16.02-r2 alpha amd64 hppa ia64 ppc ppc64 sparc x86'

Let me know if I'm good to add it to the package list and cc arches.
Comment 4 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2018-02-07 20:01:37 UTC
not adding sparc as sparc is not for stable now?
Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev 2018-02-08 21:52:02 UTC
ia64 stable
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2018-02-09 07:35:17 UTC
hppa stable
Comment 7 Agostino Sarubbo gentoo-dev 2018-02-09 08:40:03 UTC
amd64 stable
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2018-02-10 00:33:53 UTC
x86 stable
Comment 9 Tobias Klausmann (RETIRED) gentoo-dev 2018-03-04 17:44:31 UTC
Stable on alpha.
Comment 10 Matt Turner gentoo-dev 2018-03-12 01:05:24 UTC
ppc/ppc64 done. all arches done
Comment 11 Aaron Bauman (RETIRED) gentoo-dev 2018-06-11 15:37:39 UTC
@maintainer, please drop vulnerable
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2018-06-11 15:38:00 UTC
Adding sparc for a chance to stable
Comment 13 Larry the Git Cow gentoo-dev 2018-06-18 18:31:36 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=edbb0d92c07600a6202c7f6d1e434cdcc185ec38

commit edbb0d92c07600a6202c7f6d1e434cdcc185ec38
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-06-18 16:30:14 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-18 18:30:55 +0000

    app-arch/p7zip: stable 16.02-r2 for sparc
    
    Bug: https://bugs.gentoo.org/645500
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"

 app-arch/p7zip/p7zip-16.02-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 14 Michael Boyle 2018-07-03 02:05:37 UTC
@maintainer(s), please drop vulnerable.

Michael Boyle
Gentoo Security Padawan