Incoming details.
Now publicly disclosed. Description: "hivex is a library for reading and writing Windows Registry (hive) files. Jeremy Galindo, Sr Security Engineer at Datto.com found a flaw caused by a lack of bounds checking in hivex_open which would cause hivex to read memory beyond its normal bounds and/or cause the program to crash." https://bugzilla.redhat.com/show_bug.cgi?id=1949687 https://listman.redhat.com/archives/libguestfs/2021-May/msg00013.html Patch in 1.3.20: https://github.com/libguestfs/hivex/commit/8f1935733b10d974a1a4176d38dd151ed98cf381
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a69af54f09f3f929f87140cd4c239aca323748d commit 0a69af54f09f3f929f87140cd4c239aca323748d Author: Sam James <sam@gentoo.org> AuthorDate: 2021-06-07 23:25:21 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-06-07 23:27:11 +0000 app-misc/hivex: add 1.3.20 Bug: https://bugs.gentoo.org/784584 Closes: https://bugs.gentoo.org/682238 Closes: https://bugs.gentoo.org/692528 Signed-off-by: Sam James <sam@gentoo.org> app-misc/hivex/Manifest | 1 + app-misc/hivex/hivex-1.3.20.ebuild | 119 +++++++++++++++++++++++++++++++++++++ 2 files changed, 120 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6fb37672ae1310f4a3721b46e8e838ea2917f5b0 commit 6fb37672ae1310f4a3721b46e8e838ea2917f5b0 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2021-07-12 19:28:54 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2021-07-12 19:29:06 +0000 app-misc/hivex: drop 1.3.18 Bug: https://bugs.gentoo.org/784584 Signed-off-by: John Helmert III <ajak@gentoo.org> app-misc/hivex/Manifest | 1 - app-misc/hivex/hivex-1.3.18.ebuild | 113 ------------------------------------- 2 files changed, 114 deletions(-)
All unstable, tree clean, all done.
