Summary: | <net-misc/curl-7.52.0: printf floating point buffer overflow | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | blueness |
Priority: | Normal | Flags: | kensington:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://curl.haxx.se/docs/adv_20161221A.html | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: |
=net-misc/curl-7.52.0
=net-dns/libidn2-0.11
|
Runtime testing required: | --- |
Bug Depends on: | 603574 | ||
Bug Blocks: | 597760 |
Description
Kristian Fiskerstrand (RETIRED)
2016-12-21 19:47:36 UTC
This is in the tree now. @ Arches, please test and mark stable: =net-misc/curl-7.52.0 Some arches still have to re-keyword curl itself _and_ =net-dns/libidn2-0.11. =net-misc/curl-7.52.0 introduced a new vulnerability and was superseded; Moving to bug 603574 (In reply to Thomas Deutschmann from comment #2) > @ Arches, > > please test and mark stable: =net-misc/curl-7.52.0 > > Some arches still have to re-keyword curl itself _and_ =net-dns/libidn2-0.11. Upstream just bumped to 7.52.1 to address a bug. Please proceed with that. This issue was resolved and addressed in GLSA 201701-47 at https://security.gentoo.org/glsa/201701-47 by GLSA coordinator Thomas Deutschmann (whissi). |