Summary: | <dev-util/ctags-20190331: denial of service (CVE-2014-7204) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | vim |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1147339 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
dev-util/ctags-20190331
|
Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-09-29 10:26:13 UTC
CVE-2014-7204 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7204): jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. @maintainers, can you include the attached patch or should this be considered a WONTFIX? @maintainers could you confirm if ctags-20161028 is still affected? Thank you The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e51c2e662a365f1b3923462d52a8151c3c03de80 commit e51c2e662a365f1b3923462d52a8151c3c03de80 Author: Patrice Clement <monsieurp@gentoo.org> AuthorDate: 2019-03-31 18:19:53 +0000 Commit: Patrice Clement <monsieurp@gentoo.org> CommitDate: 2019-03-31 18:20:13 +0000 dev-util/ctags: version bump. Bug: https://bugs.gentoo.org/524004 Signed-off-by: Patrice Clement <monsieurp@gentoo.org> Package-Manager: Portage-2.3.62, Repoman-2.3.11 dev-util/ctags/Manifest | 1 + dev-util/ctags/ctags-20190331.ebuild | 71 ++++++++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+) x86 stable amd64 stable sparc stable arm stable ia64 stable s390 stable arm64 stable alpha stable hppa stable ppc64 stable ppc stable. Maintainer(s), please cleanup. Security, please vote. |