CVE-2022-29693 (https://github.com/unicorn-engine/unicorn/commit/469fc4c35a0cfabdbefb158e22d145f4ee6f77b9): https://github.com/unicorn-engine/unicorn/issues/1586 Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c. CVE-2022-29694 (https://github.com/unicorn-engine/unicorn/commit/3d3deac5e6d38602b689c4fef5dac004f07a2e63): https://violentbinary.github.io/posts/2-simple-analysis-of-software-virtualization-of-memory-in-unicorn-engine/ https://github.com/unicorn-engine/unicorn/issues/1588 Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free. CVE-2022-29695 (https://github.com/unicorn-engine/unicorn/issues/1595): https://github.com/unicorn-engine/unicorn/commit/5a79d7879ca3ee0ce684ad6576d8ac15e8d90fc7 Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization. Contrary to what the CVEs say, each of these fixes seems to be in v2.0.0-rc7. Please cleanup rc6.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9fec686abf789fdff36a90c3763d9558203cbf9a commit 9fec686abf789fdff36a90c3763d9558203cbf9a Author: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de> AuthorDate: 2022-06-02 21:53:37 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2022-06-03 07:10:46 +0000 dev-util/unicorn: remove old Bug: https://bugs.gentoo.org/849395 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de> Closes: https://github.com/gentoo/gentoo/pull/25733 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-util/unicorn/Manifest | 1 - dev-util/unicorn/unicorn-2.0.0_rc6.ebuild | 80 ------------------------------- 2 files changed, 81 deletions(-)
Thanks, all done!
