From ${URL} :

A stack-based buffer overflow flaw was found in gpsd versions 2.90 to 3.17. Successful exploitation of this vulnerability could allow remote code execution, data exfiltration, or denial-of-service via device crash.

Upstream patch:
https://git.savannah.gnu.org/cgit/gpsd.git/commit/json.c?id=7646cbd04055a50b157312ba6b376e88bd398c19

References:
https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ffcb70d5dc733edf8419c1435a0b5f8c03a838f5

commit ffcb70d5dc733edf8419c1435a0b5f8c03a838f5
Author: Robin H. Johnson <robbat2@gentoo.org>
AuthorDate: 2019-10-03 05:13:17 +0000
Commit: Robin H. Johnson <robbat2@gentoo.org>
CommitDate: 2019-10-04 18:59:32 +0000

    sci-geosciences/gpsd: bump, partial cleanups

    Bump for security vulnerability, start cleanups.

    Fixes: https://bugs.gentoo.org/673372
    Fixes: https://bugs.gentoo.org/673382
    Fixes: https://bugs.gentoo.org/678474
    Package-Manager: Portage-2.3.76, Repoman-2.3.17
    Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

 sci-geosciences/gpsd/Manifest | 2 +
 .../gpsd/files/gpsd-3.18.1-do_not_rm_library.patch | 11 ++
 .../gpsd/files/gpsd-3.19-do_not_rm_library.patch | 11 ++
 sci-geosciences/gpsd/gpsd-3.18.1.ebuild | 192 +++++++++++++++++++++
 sci-geosciences/gpsd/gpsd-3.19.ebuild | 192 +++++++++++++++++++++
 5 files changed, 408 insertions(+)