Summary: | <net-libs/libupnp-1.6.21: Heap buffer overflow in the create_url_list function | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gurligebis, maq, proxy-maint, thev00d00 |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1388771 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | =net-libs/libupnp-1.6.21 |
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 589136 |
Description
Agostino Sarubbo
2016-10-27 08:14:07 UTC
This is fixed in 1.6.21 and also #589136 if you haven't stabled that yet. Ready for stable as the patch is small.

(In reply to Ian Whyman (thev00d00) from comment #1)
> This is fixed in 1.6.21 and also #589136 if you haven't stabled that yet.

Sorry, I don't understand your reference to bug 589136. CVE-2016-8863 is not addressed in that bug and the version we call stable in bug 589136 (v1.6.20) does not include the fix.

@ Arches, please test and mark stable:
=net-libs/libupnp-1.6.21

@Thomas To clarify I meant that if an arch has yet to stabilise 1.6.20 they can just jump to 1.6.21 as it includes both fixes - meaning they can "kill 2 birds with one stone" so to speak.

amd64 stable

x86 stable

sparc stable

arm stable

Stable for HPPA.

ppc stable

Stable on alpha.

ppc64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

GLSA request filed.

This issue was resolved and addressed in GLSA 201701-52 at https://security.gentoo.org/glsa/201701-52 by GLSA coordinator Aaron Bauman (b-man).

@maintainer(s), please cleanup.

Old versions dropped from tree.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6aa2e769e864701c8cc7d5953ae4819f2aca985

(In reply to Ian Whyman (thev00d00) from comment #14)
> Old versions dropped from tree.
>
> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6aa2e769e864701c8cc7d5953ae4819f2aca985

Thank you!