Summary: | <sys-apps/busybox-1.19.0: unpack_Z_stream() Buffer Underflow (CVE requested) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | embedded |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://git.busybox.net/busybox/diff/archival/libarchive/decompress_uncompress.c?id=251fc70e9722f931eec23a34030d05ba5f747b0e | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2011-08-19 11:13:15 UTC
When quoting text, please provide your source, in this case Secunia (http://secunia.com/advisories/45702/). i think this is fixed with upstream busybox-1.19.0-uncompress.patch which is part of the new busybox-1.19.0 ebuild that is in the tree now (In reply to comment #2) > i think this is fixed with upstream busybox-1.19.0-uncompress.patch which is > part of the new busybox-1.19.0 ebuild that is in the tree now Great, thanks. Can we stabilize 1.19.0? i dont know of any blocking issues (In reply to comment #4) > i dont know of any blocking issues Ok, thanks. Arches, please test and mark stable: =sys-apps/busybox-1.19.0 Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86" ppc/ppc64 stable x86 stable amd64: pass hppa stable amd64: passes all amd64 ok Take a look at bug 379965 that can't block this stabilization. amd64 done. Thanks Agostino, Ian and Elijah arm stable alpha/ia64/m68k/s390/sh/sparc stable Thanks all, adding glsa request. Thanks, folks. New GLSA request filed. This issue was resolved and addressed in GLSA 201312-02 at http://security.gentoo.org/glsa/glsa-201312-02.xml by GLSA coordinator Chris Reffett (creffett). |