930378 – <dev-perl/Crypt-SMIME-0.300.0: double free in x509 parser

Bug 930378 - <dev-perl/Crypt-SMIME-0.300.0: double free in x509 parser

Summary: <dev-perl/Crypt-SMIME-0.300.0: double free in x509 parser

Status:	IN_PROGRESS

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://metacpan.org/dist/Crypt-SMIME...
Whiteboard:	B3 [cleanup glsa?]
Keywords:

Depends on:
Blocks:	924012
	Show dependency tree

Reported:	2024-04-21 17:23 UTC by Hanno Böck
Modified:	2024-10-24 18:40 UTC (History)
CC List:	1 user (show)

See Also:	https://rt.cpan.org/Public/Bug/Display.html?id=152115
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hanno Böck gentoo-dev

2024-04-21 17:23:03 UTC

See
https://metacpan.org/dist/Crypt-SMIME/changes

0.29    Mon Mar  4 18:10:38 JST 2024
        - Fixed a bug which could cause a double-free on X.509
          structures in a certain scenario:
          https://rt.cpan.org/Public/Bug/Display.html?id=152115

Sounds like a security bug.

Comment 1 Larry the Git Cow gentoo-dev

2024-04-29 04:45:12 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8f346d70b929d0e978a7653c054e26ff89f114f

commit b8f346d70b929d0e978a7653c054e26ff89f114f
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-04-29 04:44:46 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-04-29 04:44:46 +0000

    dev-perl/Crypt-SMIME: add 0.300.0
    
    Bug: https://bugs.gentoo.org/930378
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-perl/Crypt-SMIME/Crypt-SMIME-0.300.0.ebuild | 42 +++++++++++++++++++++++++
 dev-perl/Crypt-SMIME/Manifest                   |  1 +
 2 files changed, 43 insertions(+)