
Bug 600518 (CVE-2014-9471)

Summary: [TRACKER] Multiple packages vulnerable to memory corruption flaw in parse_datetime() through embedded gnulib
Product: Gentoo Security
Reporter: Thomas Deutschmann (RETIRED) <whissi>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
Keywords: Tracker
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://seclists.org/oss-sec/2014/q4/782
See Also: https://bugs.gentoo.org/show_bug.cgi?id=714934
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 530514, 600520, 600522, 600524, 600526, 600528, 600530, 600532, 600534, 600536    
Bug Blocks:    

Description Thomas Deutschmann (RETIRED) gentoo-dev 2016-11-22 21:34:47 UTC
See also bug 530514 regarding the upstream gnulib vulnerability reported against coreutils at $URL. As pointed out in https://bugs.gentoo.org/show_bug.cgi?id=530514#c4, several packages contain embedded copies of gnulib.

As such we ask maintainers with packages suspected to be vulnerable to verify if the package is (or has been) affected.
Comment 1 SpanKY gentoo-dev 2016-11-23 19:35:41 UTC
for reference, this is the commit to look for in packages:
http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=a10acfb1d2118f9a180181d3fed5399dbbe1df3c
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-01-21 02:11:42 UTC
All dependent bugs closed.