Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 925290 - <sys-fs/zfs-2.2.3: Bundled old Lua is vulnerable to CVE-2020-24370
Summary: <sys-fs/zfs-2.2.3: Bundled old Lua is vulnerable to CVE-2020-24370
Status: CONFIRMED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://github.com/advisories/GHSA-gf...
Whiteboard: B4 [stable?]
Keywords:
Depends on:
Blocks: CVE-2019-6706, CVE-2020-15888, CVE-2020-15889, CVE-2020-15945, CVE-2020-24342, CVE-2020-24369, CVE-2020-24370, CVE-2020-24371
  Show dependency tree
 
Reported: 2024-02-23 05:07 UTC by Sam James
Modified: 2024-02-23 07:19 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-02-23 05:07:07 UTC 
From 2.2.3 release notes:
> LUA: Backport CVE-2020-24370's patch #15847
Comment 1 Larry the Git Cow gentoo-dev 2024-02-23 06:33:22 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bda8ae7ff2bba3e341c010c67009aa403985656d

commit bda8ae7ff2bba3e341c010c67009aa403985656d
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-02-23 05:04:44 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-23 06:33:04 +0000

    sys-fs/zfs: add 2.2.3
    
    Bug: https://bugs.gentoo.org/925290
    Closes: https://bugs.gentoo.org/925281
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-fs/zfs/Manifest               |   2 +
 sys-fs/zfs/files/2.2.3-musl.patch |  34 +++++
 sys-fs/zfs/zfs-2.2.3.ebuild       | 308 ++++++++++++++++++++++++++++++++++++++
 sys-fs/zfs/zfs-9999.ebuild        |   2 +-
 4 files changed, 345 insertions(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a367cc6d29a7b1b70cdf6072ca6fd1d6a21b6f8

commit 9a367cc6d29a7b1b70cdf6072ca6fd1d6a21b6f8
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-02-23 05:04:15 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-23 06:29:47 +0000

    sys-fs/zfs-kmod: add 2.2.3
    
    Bug: https://bugs.gentoo.org/925290
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-fs/zfs-kmod/Manifest              |   2 +
 sys-fs/zfs-kmod/zfs-kmod-2.2.3.ebuild | 217 ++++++++++++++++++++++++++++++++++
 sys-fs/zfs-kmod/zfs-kmod-9999.ebuild  |   4 +-
 3 files changed, 221 insertions(+), 2 deletions(-)