Summary: | <dev-libs/xerces-c-3.1.4-r1: use after free (CVE-2016-2099) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | minor | CC: | cpp+disabled
Priority: | Normal | Flags: | kensington: sanity-check+
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | http://www.openwall.com/lists/oss-security/2016/05/09/7 | |
Whiteboard: | B3 [glsa cve] | |
Package list: | =dev-libs/xerces-c-3.1.4-r1 | |
Runtime testing required: | --- | |
Bug Depends on: | | |
Bug Blocks: | 575700 | |

Description
Agostino Sarubbo
2016-05-30 08:07:56 UTC
The upstream patches were applied to the trunk. See also:
http://svn.apache.org/viewvc?view=revision&revision=1747619
http://svn.apache.org/viewvc?view=revision&revision=1747620

3.1.4 contains the fix, please stabilize

commit 305cee3cfcf1b0a2a787aad8ae9c5ac854b2533d
Author: David Seifert <soap@gentoo.org>
Date: Sat Oct 15 11:30:09 2016 +0200

dev-libs/xerces-c: Version bump to 3.1.4

Gentoo-bug: 584506
* EAPI=6

@arches, please stabilize the following:
=dev-libs/xerces-c-3.1.4

amd64 stable

x86 stable

@Jer, why the version change to -r1?

-r1 includes the sample binaries in order for ago to perform his fuzzing tests. Hence, please stabilize -r1.

Stable on alpha.

Stable for HPPA PPC64.

An automated check of this bug failed - the following atom is unknown: dev-libs/xerces-c-3.1.4
Please verify the atom list.

An automated check of this bug succeeded - the previous repoman errors are now resolved.

sparc stable

ppc stable.

Maintainer(s), please cleanup.

All old versions removed.

commit 44485bad3bbf280839f823b81a1051e56db5c93f
Author: David Seifert <soap@gentoo.org>
Date: Wed Dec 21 09:07:45 2016 +0100

dev-libs/xerces-c: Remove old

This issue was resolved and addressed in GLSA 201612-46 at https://security.gentoo.org/glsa/201612-46 by GLSA coordinator Aaron Bauman (b-man).