Summary: | <dev-libs/mpfr-2.4.1 mpfr_snprintf and mpfr_vsnprintf buffer overflow (CVE-2009-0757) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | toolchain |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.mpfr.org/mpfr-2.4.1 | ||
Whiteboard: | A3 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2009-03-02 17:22:01 UTC
Is 2.4.1 good to go for stabling?

np

Arches, please test and mark stable:
=dev-libs/mpfr-2.4.1_p1
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

Stable for HPPA.

ppc64 done

CVE-2009-0757 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0757): Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr_snprintf and (2) mpfr_vsnprintf functions.

Sparc stable, "All 148 tests pass."

ppc stable

amd64/x86 stable

alpha/arm/ia64/s390/sh stable

GLSA 200903-13