Description: "UniValue::read() in UniValue before 1.0.5 allow attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error."
Patch: https://github.com/jgarzik/univalue/pull/58
The fix is included in 1.0.5: https://github.com/jgarzik/univalue/compare/v1.0.4...v1.0.5
@maintainer(s): ping
Oops, forgot to finish this https://github.com/gentoo/gentoo/pull/15389
Bumped in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90a8f8422285d07017893315229fe0b64fe8807d. We'll stable if no objections.
amd64 done
arm stable
x86: ping
x86 stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f977b3c14def1e03236dfa806841e3a259c2192
commit 6f977b3c14def1e03236dfa806841e3a259c2192
Author: Sam James <sam@gentoo.org>
AuthorDate: 2020-07-17 21:29:40 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2020-07-17 23:59:57 +0000
    dev-libs/univalue: security cleanup
    Bug: https://bugs.gentoo.org/714016
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>
 dev-libs/univalue/Manifest | 3 ---
 dev-libs/univalue/univalue-1.0.2.ebuild | 33 ----------------------------
 dev-libs/univalue/univalue-1.0.3.ebuild | 32 ---------------------------
 dev-libs/univalue/univalue-1.0.4.ebuild | 38 ---------------------------------
 4 files changed, 106 deletions(-)
GLSA vote: no! Tree is clean, closing.