| Summary: | <sys-libs/musl-1.1.15-r2: libc regex integer overflows in buffer size computations (CVE-2016-8859) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | blueness, felix.janda, lu_zero, toolchain |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/musl/2016/10/18/2 | | |
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=597616 | | |
| Whiteboard: | B2 [glsa cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
Thomas Deutschmann (RETIRED)
2016-10-19 00:11:09 UTC
I just put musl-1.1.15-r2.ebuild on the tree which has this fix. Since I do the stabilization, I will test in a few days and stabilize on all supported arches.

Like Anthony wrote, a patched ebuild is already in tree:

> commit 82e8189213284403928b9ffe36eded866609991d
> Author: Felix Janda
> Date: Tue Oct 18 19:08:21 2016 -0400
>
> sys-libs/musl: add two upstream patches
>
> The first patch fixes the bug reported at
>
> https://lists.freedesktop.org/archives/xcb/2016-October/010864.html
>
> A CVE has been requested for the second patch:
>
> http://www.openwall.com/lists/musl/2016/10/18/2

@ Maintainer: Please start stabilization (CC arches & set keyword) when ready and let us know about the progress.

(In reply to Thomas Deutschmann from comment #2)
>
> @ Maintainer: Please start stabilization (CC arches & set keyword) when
> ready and let us know about the progress.

It has been stabilized.

This issue was resolved and addressed in GLSA 201701-11 at https://security.gentoo.org/glsa/201701-11 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening for cleanup.

@ Maintainer(s): Please drop =sys-libs/musl-1.1.15

Cleanup PR: https://github.com/gentoo/gentoo/pull/3387

Cleaned up via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78404f8f8ea9b5dde8d59e4fec442c090328ee65

All done, closing ...