Summary: | <app-arch/tar-1.28: memory corruption flaw in parse_datetime() though embedded gnulib (CVE-2014-9471) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A2 [upstream] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 600518 |
Description
Thomas Deutschmann (RETIRED)
2016-11-22 22:14:58 UTC
the fix was included with the 1.28 release which hit the tree in Jul 2014 and went stable in May 2016. there's another security bug that is forcing 1.29 to go stable too. Was superseded by bug 598334. GLSA for 1.29 was already released. We won't add this issue to the existing GLSA https://security.gentoo.org/glsa/201611-19 because this would require to rewrite the GLSA which we don't do. The severity doesn't require a new one. Repository is clean, all done. |