Summary: | dev-util/valgrind: LZO Denial of Service and Arbitrary Code Execution through embedded code | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Yury German <blueknight> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED WONTFIX | ||
Severity: | minor | CC: | blueness |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://seclists.org/oss-sec/2014/q2/676 | ||
Whiteboard: | B3 [upstream] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 515246 |
Description
Yury German
2014-06-27 00:58:16 UTC
Latest =dev-util/valgrind-3.12.0 still vulnerable ships minilzo v2.06. I pinged upstream: https://sourceforge.net/p/valgrind/mailman/valgrind-developers/thread/d257bd48-3531-ff9c-31fc-1eb281d21354%40gentoo.org/#msg35507757 Agreed with upstream. |