Summary: | dev-util/git <1.5.6.4 PATH_MAX Stack-based buffer overflow (CVE-2008-3546) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ferdy, fmccor, robbat2 |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/31347/ | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2008-08-06 11:41:36 UTC
We have 1.5.6.4 in the tree, is it ready for stabling?

yup, you can ask arches to stable it. There's a pending HPPA issue that's much older however, due to a GCC bug.

Arches, please test and mark stable:
=dev-util/git-1.5.6.4
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

Sparc stable (about 3 weeks early, but OK for security bug). There are certainly a lot of old versions of this floating around in the tree. :)

amd64 stable

ppc64 stable

x86 stable

If you run into problems with testcases, make sure you have FEATURES=userpriv first of all, and on 64-bit userspace big-endian boxes, there's also a false positive in t0040 at the moment, that upstream should be including in the next release, 1.5.6.6 (not out yet).

alpha/ia64 stable

ppc stable

(In reply to comment #2)
> yup, you can ask arches to stable it. There's a pending HPPA issue that's much
> older however, due to a GCC bug.
>

Has it been solved in the meanwhile, or is there a bug # to track it? It's the only arch left before we move to [glsa]

Stable for HPPA. The branching issue in HPPA's compiler was fixed half a year ago, and toolchain hasn't promised any new (working) gcc versions or even a revision.

glsa request filed.

GLSA 200809-16