Summary: | <sys-libs/glibc-2.31-r7: iconv program can hang when invoked with the -c option | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | toolchain |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://sourceware.org/bugzilla/show_bug.cgi?id=19519 | ||
See Also: | https://sourceware.org/bugzilla/show_bug.cgi?id=19519 | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 751955, 759640 | ||
Bug Blocks: |
Description
Thomas Deutschmann (RETIRED)
2017-03-01 23:38:04 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af0c4db7d53eafd2a797c082f85662c945ad01de commit af0c4db7d53eafd2a797c082f85662c945ad01de Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2020-09-25 19:42:22 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2020-09-25 19:42:40 +0000 sys-libs/glibc: Re-keyword 2.31 patchlevel 9 This contains the following fixes: * Rewrite iconv option parsing [BZ #19519] * powerpc: Fix incorrect cache line size load in memset (bug 26332) * nptl: Zero-extend arguments to SETXID syscalls [BZ #26248] * Disable warnings due to deprecated libselinux symbols used by nss and nscd Bug: https://bugs.gentoo.org/736904 Bug: https://bugs.gentoo.org/611344 Package-Manager: Portage-3.0.4, Repoman-3.0.1 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> sys-libs/glibc/glibc-2.31-r7.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Now that 2.32-r3 is stabilized, is it possible to cleanup the vulnerable versions here? (In reply to John Helmert III (ajak) from comment #2) > Now that 2.32-r3 is stabilized, is it possible to cleanup the vulnerable > versions here? Wrong bug? (In reply to Sam James from comment #3) > (In reply to John Helmert III (ajak) from comment #2) > > Now that 2.32-r3 is stabilized, is it possible to cleanup the vulnerable > > versions here? > > Wrong bug? Oh, no, I was thinking of the 2.32 iconv bug. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35d4ea74c32998a497e695559fc534bc1a324b88 commit 35d4ea74c32998a497e695559fc534bc1a324b88 Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2021-01-22 21:33:10 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2021-01-22 21:33:10 +0000 package.mask: Extend glibc mask Bug: https://bugs.gentoo.org/611344 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> profiles/package.mask | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) All affected versions are masked. No cleanup (toolchain). Please proceed. This issue was resolved and addressed in GLSA 202101-20 at https://security.gentoo.org/glsa/202101-20 by GLSA coordinator Aaron Bauman (b-man). |