Summary: | <dev-libs/tre-0.8.0-r2: regex integer overflows in buffer size computations | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | shell-tools, slawomir.nizio |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://seclists.org/oss-sec/2016/q4/183 | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=597498 https://github.com/gentoo/gentoo/pull/16158 https://github.com/gentoo/gentoo/pull/16722 |
||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: |
=dev-libs/tre-0.8.0-r2
|
Runtime testing required: | --- |
Description
Agostino Sarubbo
2016-10-20 12:29:40 UTC
Hey there. I'm not even sure this affects the actual dev-libs/tre package. The official tre repository hasn't been updated in years [1]. You might consider closing this bug. [1]: https://github.com/laurikari/tre/ The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78f82f7cb10835ccf5799706dd752eada3a0e5b9 commit 78f82f7cb10835ccf5799706dd752eada3a0e5b9 Author: John Helmert III <jchelmert3@posteo.net> AuthorDate: 2020-06-09 23:03:19 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2020-06-13 01:56:44 +0000 dev-libs/tre: Security bump Bug: https://bugs.gentoo.org/597616 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Signed-off-by: John Helmert III <jchelmert3@posteo.net> Closes: https://github.com/gentoo/gentoo/pull/16158 Signed-off-by: Aaron Bauman <bman@gentoo.org> dev-libs/tre/files/0.8.0-CVE-2016-8559.patch | 73 ++++++++++++++++++++++++++++ dev-libs/tre/tre-0.8.0-r2.ebuild | 67 +++++++++++++++++++++++++ 2 files changed, 140 insertions(+) @maintainer(s), please call for stable when ready. x86 stable arm stable ppc stable amd64 stable hppa/sparc stable ppc64: ping ppc64 stable. ---- Please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d7c292c9776cfb1e55f8d30d0750907d7b298bce commit d7c292c9776cfb1e55f8d30d0750907d7b298bce Author: John Helmert III <jchelmert3@posteo.net> AuthorDate: 2020-07-17 03:18:11 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-07-17 10:32:04 +0000 dev-libs/tre: Security cleanup, drop <0.8.0-r2 Bug: https://bugs.gentoo.org/597616 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: John Helmert III <jchelmert3@posteo.net> Closes: https://github.com/gentoo/gentoo/pull/16722 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/tre/tre-0.8.0-r1.ebuild | 64 ---------------------------------------- 1 file changed, 64 deletions(-) This issue was resolved and addressed in GLSA 202007-43 at https://security.gentoo.org/glsa/202007-43 by GLSA coordinator Sam James (sam_c). |