(https://nvd.nist.gov/vuln/detail/CVE-2019-12865): In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command. upstream fix: https://github.com/radare/radare2/commit/40453029179d230cf02ffed205f2d63e33981b8f Gentoo Security Padawan (domhnall)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3abf285d96a21f56f86e1fdf7814d186bef3c374 commit 3abf285d96a21f56f86e1fdf7814d186bef3c374 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2019-06-22 08:21:36 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2019-06-22 08:21:44 +0000 dev-util/radare2: drop old, bug #688336 Reported-by: D'juan McDonald (domhnall) Bug: https://bugs.gentoo.org/688336 Package-Manager: Portage-2.3.67, Repoman-2.3.15 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> dev-util/radare2/Manifest | 2 -- dev-util/radare2/radare2-3.4.1.ebuild | 62 ----------------------------------- dev-util/radare2/radare2-3.5.0.ebuild | 56 ------------------------------- dev-util/radare2/radare2-3.5.1.ebuild | 56 ------------------------------- 4 files changed, 176 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=677a68abfac2720af13042540adbb5f43b6475c3 commit 677a68abfac2720af13042540adbb5f43b6475c3 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2019-06-22 08:21:01 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2019-06-22 08:21:44 +0000 dev-util/radare2: fix double-free in cmd_mount.c, bug #688336 Reported-by: D'juan McDonald (domhnall) Bug: https://bugs.gentoo.org/688336 Package-Manager: Portage-2.3.67, Repoman-2.3.15 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> .../radare2/files/radare2-3.5.1-mount-free.patch | 22 ++++++++ dev-util/radare2/radare2-3.5.1-r1.ebuild | 60 ++++++++++++++++++++++ 2 files changed, 82 insertions(+)
@Security, please add to CVETool.