Summary: | <sys-fs/squashfs-tools-4.3: Multiple buffer overflows in unsquashfs (CVE-2012-{4024,4025}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | livecd |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | http://bugs.debian.org/683371 https://bugzilla.redhat.com/show_bug.cgi?id=847270 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 542226 | ||
Bug Blocks: |
Description
GLSAMaker/CVETool Bot
2012-07-20 16:31:09 UTC
I don't know how glsamaker does its job, but there is definitely no progress yet.

Upstream git contains fixes now:
http://squashfs.git.sourceforge.net/git/gitweb.cgi?p=squashfs/squashfs;a=commit;h=19c38fba0be1ce949ab44310d7f49887576cc123
http://squashfs.git.sourceforge.net/git/gitweb.cgi?p=squashfs/squashfs;a=commit;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e
The commit messages lack any attribution to the original reporter of the vulnerabilities though.

I have put a snapshot in the tree but since it has a lot more changes than just the ones we want, maybe it's not ready to go stable quite yet.

4.3 is in the tree since June 2014 and is being marked stable in bug #542226.

afaict, this is fixed in the 4.3 release which is already stable.

New GLSA created.

This issue was resolved and addressed in GLSA 201612-40 at https://security.gentoo.org/glsa/201612-40 by GLSA coordinator Aaron Bauman (b-man).