CVE-2022-34295 (https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner):

https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399
http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf

totd before 1.5.3 does not properly randomize mesg IDs.

Patch in 2014, release in 2018, CVE in 2022. Weird. In any case, we need a bump to 1.5.3.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=263ada4ff064f2efbf53f85971b53dbb202a8d6a

commit 263ada4ff064f2efbf53f85971b53dbb202a8d6a
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2024-01-07 01:00:40 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2024-01-07 01:00:53 +0000

    profiles: last rite net-dns/totd

    Bug: https://bugs.gentoo.org/856466
    Bug: https://bugs.gentoo.org/865253
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 profiles/package.mask | 5 +++++
 1 file changed, 5 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63b794b3a21829c48815eb69dd2358470a8e1814

commit 63b794b3a21829c48815eb69dd2358470a8e1814
Author:     Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2024-02-10 12:06:51 +0000
Commit:     Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2024-02-10 12:06:51 +0000

    net-dns/totd: treeclean

    Closes: https://bugs.gentoo.org/861296
    Closes: https://bugs.gentoo.org/900058
    Bug: https://bugs.gentoo.org/856466
    Bug: https://bugs.gentoo.org/865253
    Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

 net-dns/totd/Manifest                         |  1 -
 net-dns/totd/files/totd                       | 38 -------------------------
 net-dns/totd/files/totd-1.5.1-fix-CC.patch    | 11 --------
 net-dns/totd/files/totd-1.5.1-no_werror.patch | 11 --------
 net-dns/totd/metadata.xml                     | 10 -------
 net-dns/totd/totd-1.5.1.ebuild                | 40 ---------------------------
 profiles/package.mask                         |  5 ----
 7 files changed, 116 deletions(-)