Summary: | <sys-apps/busybox-1.24.1: unzip: pointer misuse lead to a crash | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | embedded |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2015/10/25/3 | ||
Whiteboard: | A3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-10-27 08:43:56 UTC
added upstream fix to the 1.24.1 release (In reply to SpanKY from comment #1) > added upstream fix to the 1.24.1 release Thanks you for the bump. Is it ready for stabilization or should we leave it in tree a little bit? should be fine to go stable now Arches, please test and mark stable: =sys-apps/busybox-1.24.1 Target Keywords : "amd64 arm hppa ppc ppc64 x86" Thank you! amd64 stable Stable for PPC64. Stable for HPPA. arm stable ppc stable x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. So I think some of the KEYWORDS got lost through the version bumps. Looks like we might need stabilization for alpha, ia64, sparc Maintainers please advise. should be fixed now with: http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=58892cd826270f5d676679420f0edde126a9398e vapier: Thanks for the fix GLSA Vote: No Maintainer(s), please drop the vulnerable version(s). (In reply to Yury German from comment #13) > vapier: Thanks for the fix > GLSA Vote: No > > Maintainer(s), please drop the vulnerable version(s). Sorry wrong on my part. New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s). It has been 30 days since cleanup was requested. Maintainer(s), please drop the vulnerable version(s). CVE is not going to be assigned http://www.openwall.com/lists/oss-security/2015/11/03/11 This issue was resolved and addressed in GLSA 201612-04 at https://security.gentoo.org/glsa/201612-04 by GLSA coordinator Aaron Bauman (b-man). |