From ${URL} : Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client. References: https://tintin.sourceforge.io/forum/viewtopic.php?f=1&t=2584&sid=31b77bb001faea9269bf224280960e29#p10505 https://tintin.sourceforge.io/news.php https://trustfoundry.net/cve-2019-7629-rce-in-an-open-source-mud-client/ @maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
@maintainer(s), ok to cleanup? looks like it's fixed in tree
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcd32c34004cb5a45396ff576f3a5a94d6ec1fb6 commit bcd32c34004cb5a45396ff576f3a5a94d6ec1fb6 Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2020-06-20 01:07:24 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2020-06-20 01:07:24 +0000 games-mud/tintin: drop vulnerable Bug: https://bugs.gentoo.org/678478 Signed-off-by: Aaron Bauman <bman@gentoo.org> games-mud/tintin/Manifest | 1 - games-mud/tintin/tintin-2.01.1-r1.ebuild | 34 -------------------------------- 2 files changed, 35 deletions(-)