Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 607794 (CVE-2017-5601)

Summary: <app-arch/libarchive-3.2.2-r1: heap overflow
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: bsd+disabled, glsamaker
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9
Whiteboard: B3 [noglsa cve]
Package list:
=app-arch/libarchive-3.2.2-r1 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Runtime testing required: No

Description Agostino Sarubbo gentoo-dev 2017-01-31 12:38:28 UTC
From ${URL} :

Fixes a heap buffer overflow reported in Secunia SA74169



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Adam Feldman gentoo-dev 2017-02-11 17:16:19 UTC
Please stabilize =app-arch/libarchive-3.2.2-r1 on all arches that were stable for =3.2.2 (alpha amd64 arm hppa ia64 ppc ppc64 sparc x86)
Comment 2 Agostino Sarubbo gentoo-dev 2017-02-13 11:13:27 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2017-02-14 15:40:03 UTC
x86 stable
Comment 4 Tobias Klausmann (RETIRED) gentoo-dev 2017-02-15 14:23:43 UTC
Stable on alpha.
Comment 5 Markus Meier gentoo-dev 2017-02-15 17:52:09 UTC
arm stable
Comment 6 Michael Weber (RETIRED) gentoo-dev 2017-02-16 18:46:48 UTC
ppc ppc64 stable.
Comment 7 Agostino Sarubbo gentoo-dev 2017-02-17 10:59:48 UTC
sparc stable
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2017-02-18 12:05:33 UTC
Stable for HPPA.
Comment 9 Agostino Sarubbo gentoo-dev 2017-02-18 14:47:17 UTC
ia64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 10 Thomas Deutschmann (RETIRED) gentoo-dev 2017-02-18 17:49:25 UTC
GLSA Vote: No
Comment 11 Yury German Gentoo Infrastructure gentoo-dev 2017-05-03 16:23:04 UTC
*** Bug 617408 has been marked as a duplicate of this bug. ***
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2017-07-09 21:22:16 UTC
Tree is clean.