844736 – <net-libs/pacparser-1.4.0: Memory overwrite vulnerability

Bug 844736 - <net-libs/pacparser-1.4.0: Memory overwrite vulnerability

Summary: <net-libs/pacparser-1.4.0: Memory overwrite vulnerability

Status:	CONFIRMED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [glsa?]
Keywords:

Depends on:	850181
Blocks:
	Show dependency tree

Reported:	2022-05-15 00:05 UTC by Sam James
Modified:	2024-11-24 08:17 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2022-05-15 00:05:53 UTC

See https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9.

Comment 1 Guilherme Amadio gentoo-dev

2023-10-27 13:32:13 UTC

Note that I've pushed 1.4.2 to the tree today, so it now contains the fix for this problem. Please close this bug after confirming. Thank you.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da3bd28696a64f3eb8113f789db8a98df672d423

Comment 2 Guilherme Amadio gentoo-dev

2024-03-10 22:58:36 UTC

pacparser-1.4.0 (which already contains the fix) is the oldest version in the tree. Please close this bug. Thank you!

Comment 3 Guilherme Amadio gentoo-dev

2024-11-22 16:32:12 UTC

Closing this since affected versions of pacparser are long gone from the tree.

Comment 4 Hans de Graaff gentoo-dev

2024-11-24 08:17:09 UTC

(In reply to Guilherme Amadio from comment #3)
> Closing this since affected versions of pacparser are long gone from the
> tree.

Please don't close bug owned by security that still have a process to follow, even if that process has a huge backlog.