Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 940491 - <app-misc/fdupes-2.3.1: buffer overflow bug in getrealpath() function
Summary: <app-misc/fdupes-2.3.1: buffer overflow bug in getrealpath() function
Status: CONFIRMED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://github.com/adrianlopezroche/f...
Whiteboard: B3 [glsa?]
Keywords:
Depends on: 943537
Blocks:
  Show dependency tree
 
Reported: 2024-09-29 16:23 UTC by Arthur Zamarin
Modified: 2024-11-15 11:14 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Arthur Zamarin archtester Gentoo Infrastructure gentoo-dev Security 2024-09-29 16:23:08 UTC 
Detected while bumping fdupes, commit [1] fixed a buffer overflow. No CVE or serious report done for that.

[1] https://github.com/adrianlopezroche/fdupes/commit/732404d4447f32a69b8ceee10d1fcdcfef52c616
Comment 1 Larry the Git Cow gentoo-dev 2024-09-29 16:23:54 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b21deab18ca85fd2ce3f86fcae7fbc6e8d665f2

commit 7b21deab18ca85fd2ce3f86fcae7fbc6e8d665f2
Author:     Arthur Zamarin <arthurzam@gentoo.org>
AuthorDate: 2024-09-29 16:06:40 +0000
Commit:     Arthur Zamarin <arthurzam@gentoo.org>
CommitDate: 2024-09-29 16:23:24 +0000

    app-misc/fdupes: add 2.3.2
    
    Bug: https://bugs.gentoo.org/940491
    Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>

 app-misc/fdupes/Manifest            |  1 +
 app-misc/fdupes/fdupes-2.3.2.ebuild | 38 +++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2024-11-15 10:56:12 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=61349abf725dd5ac22587f083ffceb2ff39ab90b

commit 61349abf725dd5ac22587f083ffceb2ff39ab90b
Author:     Arthur Zamarin <arthurzam@gentoo.org>
AuthorDate: 2024-11-15 10:55:26 +0000
Commit:     Arthur Zamarin <arthurzam@gentoo.org>
CommitDate: 2024-11-15 10:55:40 +0000

    app-misc/fdupes: drop 2.2.1, 2.3.0
    
    Bug: https://bugs.gentoo.org/940491
    Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>

 app-misc/fdupes/Manifest            |  2 --
 app-misc/fdupes/fdupes-2.2.1.ebuild | 43 ------------------------------------
 app-misc/fdupes/fdupes-2.3.0.ebuild | 44 -------------------------------------
 3 files changed, 89 deletions(-)
Comment 3 Arthur Zamarin archtester Gentoo Infrastructure gentoo-dev Security 2024-11-15 10:57:26 UTC 
Stabled the new safe version, and dropped all previous versions.