Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 747451 (CVE-2020-36774) - <dev-util/glade-3.38.2: DoS Vulnerability
Summary: <dev-util/glade-3.38.2: DoS Vulnerability
Status: RESOLVED FIXED
Alias: CVE-2020-36774
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://gitlab.gnome.org/GNOME/glade/...
Whiteboard: A3 [glsa+]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-10-09 13:58 UTC by John Helmert III
Modified: 2024-02-19 06:15 UTC (History)
1 user (show)

See Also:
Package list:
dev-util/glade-3.38.2
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-10-09 13:58:51 UTC
Glade 3.38 appears to fix a DoS vulnerability via a crafted file, or apparently even a file created by Glade.
Comment 1 Larry the Git Cow gentoo-dev 2021-04-19 00:22:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f30046ca32f03620cf8359e02fc6836a6adb4062

commit f30046ca32f03620cf8359e02fc6836a6adb4062
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2021-04-18 23:49:54 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2021-04-19 00:22:49 +0000

    dev-util/glade: Version bump to 3.38.2
    
    Bug: https://bugs.gentoo.org/747451
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 dev-util/glade/Manifest            |  1 +
 dev-util/glade/glade-3.38.2.ebuild | 81 ++++++++++++++++++++++++++++++++++++++
 dev-util/glade/metadata.xml        |  1 +
 3 files changed, 83 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-04-19 01:52:14 UTC
Thanks! Please stable when ready.
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-06 05:47:00 UTC
Ping
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-06 22:12:51 UTC
arm64 done
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-07 13:31:04 UTC
arm done
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-09 01:26:37 UTC
amd64 done
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-09 21:48:51 UTC
ppc64 done
Comment 8 Agostino Sarubbo gentoo-dev 2021-05-10 06:59:14 UTC
x86 stable
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-10 10:55:18 UTC
ppc done
Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev 2021-05-11 20:50:36 UTC
sparc stable
Comment 11 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-05-13 14:22:50 UTC
Please cleanup.
Comment 12 Larry the Git Cow gentoo-dev 2021-05-22 02:33:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=587971220c74fa551d3e02521fa8ace667b25e80

commit 587971220c74fa551d3e02521fa8ace667b25e80
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2021-05-22 02:31:43 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2021-05-22 02:33:46 +0000

    dev-util/glade: Drop old versions
    
    Bug: https://bugs.gentoo.org/747451
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 dev-util/glade/Manifest            |  1 -
 dev-util/glade/glade-3.36.0.ebuild | 91 --------------------------------------
 2 files changed, 92 deletions(-)
Comment 13 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-05-22 18:01:05 UTC
Thanks!
Comment 14 NATTkA bot gentoo-dev 2022-02-09 00:56:58 UTC
Unable to check for sanity:

> no match for package: dev-util/glade-3.38.2
Comment 15 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-02-18 00:31:41 UTC
CVE requested.
Comment 16 Larry the Git Cow gentoo-dev 2024-02-19 06:10:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=8869aef2885d8462446b8ec20c6e918254ba2bdb

commit 8869aef2885d8462446b8ec20c6e918254ba2bdb
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-19 06:02:10 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2024-02-19 06:10:22 +0000

    [ GLSA 202402-27 ] Glade: Denial of Service
    
    Bug: https://bugs.gentoo.org/747451
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202402-27.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)