Summary: | <net-libs/miniupnpc-2.0.20170509: buffer overflow (TALOS-2015-0035) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Luke-Jr <luke-jr+gentoobugs> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | hasufell, mgorny, nikoli, proxy-maint |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://talosintel.com/reports/TALOS-2015-0035/ | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: |
net-libs/miniupnpc-2.0.20170509
|
Runtime testing required: | --- |
Description
Luke-Jr
2015-10-09 20:44:46 UTC
afais this is fixed since net-libs/miniupnpc-1.9.20150917-r1 so we need to stabilize this or backport it to 1.8 see https://github.com/miniupnp/miniupnp/commit/2f5cc790339cf69871162dcf535c1c5f08b836be Can we get a statement from the maintainer? $ git tag --contains 2f5cc790339cf69871162dcf535c1c5f08b836be | sort minissdpd_1_5 miniupnpc_2_0 miniupnpd_2_0 @ Maintainer(s): Please bump to >=net-libs/miniupnpc-2.0 (https://github.com/miniupnp/miniupnp/releases/tag/miniupnpc_2_0). current status in tree: Keywords for net-libs/miniupnpc: | | u | | a a p a n r s | n | | l m h i p r m m i i s p | e u s | r | p d a p a p c x m i 6 o s 3 a | a s l | e | h 6 r p 6 p 6 8 6 p 8 s c 9 s r | p e o | p | a 4 m a 4 c 4 6 4 s k 2 v 0 h c | i d t | o -------------+---------------------------------+----------+------- 1.8 | o + + + o + + + o ~ o o o o o + | 5 o 0 | gentoo -------------+---------------------------------+----------+------- 1.9.20151008 | o + + + o + + + o ~ o o o o o + | 5 o 0/14 | gentoo -------------+---------------------------------+----------+------- 2.0.20161216 | o ~ ~ ~ o ~ ~ ~ o ~ o o o o o ~ | 6 # 0/16 | gentoo 2.0.20170509 | o + + ~ o + + + ~ ~ o o o o o + | 6 o | gentoo Gentoo Security Padawan ChrisADR hppa arch please stabilize. hppa stable All arches stabilized, maintainter(s), please cleanup, thank you! Gentoo Security Padawan (Jmbailey/mbailey_j) It was cleaned Jan 2 already: Keywords for net-libs/miniupnpc: | | u | | a a p a n r s | n | | l m h i p r m m i i s p | e u s | r | p d a p a p c x m i 6 o s 3 a | a s l | e | h 6 r p 6 p 6 8 6 p 8 s c 9 s r | p e o | p | a 4 m a 4 c 4 6 4 s k 2 v 0 h c | i d t | o ----------------+---------------------------------+----------+------- 2.0.20170509 | o + + + o + + + ~ ~ o o o o o + | 6 o 0/16 | gentoo [I]2.0.20171212 | o ~ ~ ~ o ~ ~ ~ ~ ~ o o o o o ~ | 6 o | gentoo glsa request has already been filed This issue was resolved and addressed in GLSA 201801-08 at https://security.gentoo.org/glsa/201801-08 by GLSA coordinator Aaron Bauman (b-man). |