
Bug 409117 (CVE-2012-1162)

Summary: <dev-libs/libzip-0.10.1 information leak and heap overflow (CVE-2012-{1162,1163})
Product: Gentoo Security
Reporter: Hanno Böck <hanno>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Hanno Böck gentoo-dev 2012-03-21 09:40:16 UTC
See
http://www.nih.at/libzip/NEWS.html
Comment 1 Johannes Huber (RETIRED) gentoo-dev 2012-03-21 11:29:36 UTC
=dev-libs/libzip-0.10.1 is now in tree.

+  21 Mar 2012; Johannes Huber <johu@gentoo.org> +libzip-0.10.1.ebuild:
+  Version bump. Upstream security bug fix release. Fixes CVE-2012-1162,
+  CVE-2012-1163. Bug #409117.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2012-03-22 13:49:41 UTC
Thanks, much.

Arches, please test and mark stable:
=dev-libs/libzip-0.10.1
Target keywords : "amd64 hppa ppc ppc64 x86"
Comment 3 Agostino Sarubbo gentoo-dev 2012-03-23 10:30:10 UTC
amd64 stable
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2012-03-23 14:38:58 UTC
Stable for HPPA.
Comment 5 Brent Baude (RETIRED) gentoo-dev 2012-03-25 14:16:19 UTC
ppc done
Comment 6 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-03-27 15:01:29 UTC
x86 stable
Comment 7 Brent Baude (RETIRED) gentoo-dev 2012-03-28 20:10:57 UTC
ppc64 done
Comment 8 Sean Amoss (RETIRED) gentoo-dev Security 2012-03-28 20:13:33 UTC
Thanks, everyone. 

Already on existing GLSA request which is ready for review.
Comment 9 Johannes Huber (RETIRED) gentoo-dev 2012-03-28 20:19:53 UTC
Thanks all. Affected version removed from tree. Remove kde from cc.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2012-03-29 11:44:11 UTC
This issue was resolved and addressed in
 GLSA 201203-23 at http://security.gentoo.org/glsa/glsa-201203-23.xml
by GLSA coordinator Sean Amoss (ackle).