Summary: | <net-irc/weechat-1.7.1: Buffer overflow in the irc_ctcp_dcc_filename_without_quotes function | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | radhermit, ruby, scarabeus |
Priority: | Normal | Flags: | stable-bot: sanity-check- |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1444880 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | net-irc/weechat-1.7.1, dev-ruby/asciidoctor-1.5.5-r1, dev-scheme/guile-2.0.14-r2, dev-ruby/asciimath-1.0.4, dev-ruby/haml-4.0.7-r1, dev-ruby/slim-3.0.7-r1, dev-ruby/rails-4.2.8 | ||
Runtime testing required: | --- |
Bug Depends on: | 596074 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2017-04-26 07:59:13 UTC
It's already in the tree, feel free to stabilize it (x86 will need more deps keyworded as bug #596074 is lagging).

Arches, please test and mark stable:
=net-irc/weechat-1.7.1
Target Keywords : "amd64 x86"
Thank you!

An automated check of this bug failed - repoman reported dependency errors (51 lines truncated):
> dependency.bad net-irc/weechat/weechat-1.7.1.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=dev-scheme/guile-2.0', '>=dev-ruby/asciidoctor-1.5.4']
> dependency.bad net-irc/weechat/weechat-1.7.1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=dev-scheme/guile-2.0']
> dependency.bad net-irc/weechat/weechat-1.7.1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=dev-scheme/guile-2.0', '>=dev-ruby/asciidoctor-1.5.4']
*Retry*

An automated check of this bug failed - repoman reported dependency errors (51 lines truncated):
> dependency.bad net-irc/weechat/weechat-1.7.1.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=dev-scheme/guile-2.0', '>=dev-ruby/asciidoctor-1.5.4']
> dependency.bad net-irc/weechat/weechat-1.7.1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=dev-scheme/guile-2.0']
> dependency.bad net-irc/weechat/weechat-1.7.1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=dev-scheme/guile-2.0', '>=dev-ruby/asciidoctor-1.5.4']
An automated check of this bug failed - repoman reported dependency errors (29 lines truncated):
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['dev-ruby/asciimath[ruby_targets_ruby21]', 'dev-ruby/haml[ruby_targets_ruby21]', 'dev-ruby/slim[ruby_targets_ruby21]', 'dev-ruby/asciimath[ruby_targets_ruby22]', 'dev-ruby/haml[ruby_targets_ruby22]', 'dev-ruby/slim[ruby_targets_ruby22]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['dev-ruby/asciimath[ruby_targets_ruby21]', 'dev-ruby/haml[ruby_targets_ruby21]', 'dev-ruby/slim[ruby_targets_ruby21]', 'dev-ruby/asciimath[ruby_targets_ruby22]', 'dev-ruby/haml[ruby_targets_ruby22]', 'dev-ruby/slim[ruby_targets_ruby22]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop/gnome) ['dev-ruby/asciimath[ruby_targets_ruby21]', 'dev-ruby/haml[ruby_targets_ruby21]', 'dev-ruby/slim[ruby_targets_ruby21]', 'dev-ruby/asciimath[ruby_targets_ruby22]', 'dev-ruby/haml[ruby_targets_ruby22]', 'dev-ruby/slim[ruby_targets_ruby22]']
An automated check of this bug failed - repoman reported dependency errors (87 lines truncated):
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: x86(default/linux/x86/13.0) ['dev-util/cucumber[ruby_targets_ruby23]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: x86(default/linux/x86/13.0) ['dev-ruby/tilt[ruby_targets_ruby21]', 'dev-ruby/tilt[ruby_targets_ruby22]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: x86(default/linux/x86/13.0/desktop) ['dev-util/cucumber[ruby_targets_ruby23]']
> dependency.bad dev-ruby/slim/slim-3.0.7-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby21]', '>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby22]', 'dev-ruby/redcarpet[ruby_targets_ruby21]', 'dev-ruby/redcarpet[ruby_targets_ruby22]']
> dependency.bad dev-ruby/slim/slim-3.0.7-r1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby21]', '>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby22]']
> dependency.bad dev-ruby/slim/slim-3.0.7-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby21]', '>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby22]', 'dev-ruby/redcarpet[ruby_targets_ruby21]', 'dev-ruby/redcarpet[ruby_targets_ruby22]']
> dependency.bad dev-ruby/haml/haml-4.0.7-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['dev-ruby/rails:4.2[ruby_targets_ruby21]', 'dev-ruby/rails:4.2[ruby_targets_ruby22]']
> dependency.bad dev-ruby/haml/haml-4.0.7-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['dev-ruby/rails:4.2[ruby_targets_ruby21]', 'dev-ruby/rails:4.2[ruby_targets_ruby22]']
> dependency.bad dev-ruby/haml/haml-4.0.7-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop/gnome) ['dev-ruby/rails:4.2[ruby_targets_ruby21]', 'dev-ruby/rails:4.2[ruby_targets_ruby22]']
tested on amd64, weechat works well, the deps problems come with the "doc" USE flag which depends on asciidoctor and a lot of other dev-ruby packages that need to be tested.

@Arches please consider disabling doc flag until all the ruby deps can be solved.

Gentoo Security Padawan
ChrisADR

hmm, haml wants rails as well (which was dropped to the testing branch some time ago).

@ruby, how should we proceed?

An automated check of this bug failed - the following atom is unknown: dev-scheme/guile-2.0.14
Please verify the atom list.

An automated check of this bug failed - repoman reported dependency errors (116 lines truncated):
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: x86(default/linux/x86/13.0) ['dev-util/cucumber[ruby_targets_ruby23]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: x86(default/linux/x86/13.0) ['dev-ruby/tilt[ruby_targets_ruby22]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: x86(default/linux/x86/13.0/desktop) ['dev-util/cucumber[ruby_targets_ruby23]']
> dependency.bad dev-ruby/haml/haml-4.0.7-r1.ebuild: DEPEND: x86(default/linux/x86/13.0) ['dev-ruby/tilt:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/haml/haml-4.0.7-r1.ebuild: RDEPEND: x86(default/linux/x86/13.0) ['dev-ruby/tilt:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/haml/haml-4.0.7-r1.ebuild: DEPEND: x86(default/linux/x86/13.0/desktop) ['dev-ruby/tilt:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/slim/slim-3.0.7-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby22]', 'dev-ruby/redcarpet[ruby_targets_ruby22]']
> dependency.bad dev-ruby/slim/slim-3.0.7-r1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby22]']
> dependency.bad dev-ruby/slim/slim-3.0.7-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby22]', 'dev-ruby/redcarpet[ruby_targets_ruby22]']
> dependency.bad dev-ruby/rails/rails-4.2.8.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['~dev-ruby/actionmailer-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionpack-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionview-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activejob-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activemodel-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activerecord-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activesupport-4.2.8[ruby_targets_ruby22]', '~dev-ruby/railties-4.2.8[ruby_targets_ruby22]', 'dev-ruby/sprockets-rails:*[ruby_targets_ruby22]', 'dev-ruby/jquery-rails:*[ruby_targets_ruby22]', '>=dev-ruby/sass-rails-5.0:5.0[ruby_targets_ruby22]', '>=dev-ruby/uglifier-1.3.0:*[ruby_targets_ruby22]', '>=dev-ruby/coffee-rails-4.1.0:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/rails/rails-4.2.8.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['~dev-ruby/actionmailer-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionpack-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionview-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activejob-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activemodel-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activerecord-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activesupport-4.2.8[ruby_targets_ruby22]', '~dev-ruby/railties-4.2.8[ruby_targets_ruby22]', 'dev-ruby/sprockets-rails:*[ruby_targets_ruby22]', 'dev-ruby/jquery-rails:*[ruby_targets_ruby22]', '>=dev-ruby/sass-rails-5.0:5.0[ruby_targets_ruby22]', '>=dev-ruby/uglifier-1.3.0:*[ruby_targets_ruby22]', '>=dev-ruby/coffee-rails-4.1.0:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/rails/rails-4.2.8.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['~dev-ruby/actionmailer-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionpack-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionview-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activejob-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activemodel-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activerecord-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activesupport-4.2.8[ruby_targets_ruby22]', '~dev-ruby/railties-4.2.8[ruby_targets_ruby22]', 'dev-ruby/sprockets-rails:*[ruby_targets_ruby22]', 'dev-ruby/jquery-rails:*[ruby_targets_ruby22]', '>=dev-ruby/sass-rails-5.0:5.0[ruby_targets_ruby22]', '>=dev-ruby/uglifier-1.3.0:*[ruby_targets_ruby22]', '>=dev-ruby/coffee-rails-4.1.0:*[ruby_targets_ruby22]']
An automated check of this bug failed - repoman reported dependency errors (116 lines truncated):
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: x86(default/linux/x86/13.0) ['dev-util/cucumber[ruby_targets_ruby23]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: x86(default/linux/x86/13.0) ['dev-ruby/tilt[ruby_targets_ruby22]']
> dependency.bad dev-ruby/asciidoctor/asciidoctor-1.5.5-r1.ebuild: DEPEND: x86(default/linux/x86/13.0/desktop) ['dev-util/cucumber[ruby_targets_ruby23]']
> dependency.bad dev-ruby/slim/slim-3.0.7-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby22]', 'dev-ruby/redcarpet[ruby_targets_ruby22]']
> dependency.bad dev-ruby/slim/slim-3.0.7-r1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby22]']
> dependency.bad dev-ruby/slim/slim-3.0.7-r1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=dev-ruby/temple-0.7.6:0.7[ruby_targets_ruby22]', 'dev-ruby/redcarpet[ruby_targets_ruby22]']
> dependency.bad dev-ruby/haml/haml-4.0.7-r1.ebuild: DEPEND: x86(default/linux/x86/13.0) ['dev-ruby/tilt:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/haml/haml-4.0.7-r1.ebuild: RDEPEND: x86(default/linux/x86/13.0) ['dev-ruby/tilt:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/haml/haml-4.0.7-r1.ebuild: DEPEND: x86(default/linux/x86/13.0/desktop) ['dev-ruby/tilt:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/rails/rails-4.2.8.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['~dev-ruby/actionmailer-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionpack-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionview-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activejob-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activemodel-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activerecord-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activesupport-4.2.8[ruby_targets_ruby22]', '~dev-ruby/railties-4.2.8[ruby_targets_ruby22]', 'dev-ruby/sprockets-rails:*[ruby_targets_ruby22]', 'dev-ruby/jquery-rails:*[ruby_targets_ruby22]', '>=dev-ruby/sass-rails-5.0:5.0[ruby_targets_ruby22]', '>=dev-ruby/uglifier-1.3.0:*[ruby_targets_ruby22]', '>=dev-ruby/coffee-rails-4.1.0:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/rails/rails-4.2.8.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['~dev-ruby/actionmailer-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionpack-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionview-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activejob-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activemodel-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activerecord-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activesupport-4.2.8[ruby_targets_ruby22]', '~dev-ruby/railties-4.2.8[ruby_targets_ruby22]', 'dev-ruby/sprockets-rails:*[ruby_targets_ruby22]', 'dev-ruby/jquery-rails:*[ruby_targets_ruby22]', '>=dev-ruby/sass-rails-5.0:5.0[ruby_targets_ruby22]', '>=dev-ruby/uglifier-1.3.0:*[ruby_targets_ruby22]', '>=dev-ruby/coffee-rails-4.1.0:*[ruby_targets_ruby22]']
> dependency.bad dev-ruby/rails/rails-4.2.8.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['~dev-ruby/actionmailer-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionpack-4.2.8[ruby_targets_ruby22]', '~dev-ruby/actionview-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activejob-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activemodel-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activerecord-4.2.8[ruby_targets_ruby22]', '~dev-ruby/activesupport-4.2.8[ruby_targets_ruby22]', '~dev-ruby/railties-4.2.8[ruby_targets_ruby22]', 'dev-ruby/sprockets-rails:*[ruby_targets_ruby22]', 'dev-ruby/jquery-rails:*[ruby_targets_ruby22]', '>=dev-ruby/sass-rails-5.0:5.0[ruby_targets_ruby22]', '>=dev-ruby/uglifier-1.3.0:*[ruby_targets_ruby22]', '>=dev-ruby/coffee-rails-4.1.0:*[ruby_targets_ruby22]']
(In reply to Mikle Kolyada from comment #9)
> hmm, haml wants rails as well (which was dropped to the testing branch some
> time ago).
>
> @ruby, how should we proceed?

The ruby team currently doesn't have the man-power to handle stable rails versions, see bug 574490. Even if we did it would take weeks to get the huge set of packages together. Probably best to use.stable.package.mask the doc USE flag.

I'll ask upstream to just generate the docs in their release tarballs so we don't even have this issue in the future.

https://github.com/weechat/weechat/issues/1062

The issue was closed, maybe is time to reconsider to mask doc flag to be able to close the report.

Gentoo Security Padawan
ChrisADR

(In reply to Christopher Díaz from comment #15)
> The issue was closed, maybe is time to reconsider to mask doc flag to be
> able to close the report.
>
> Gentoo Security Padawan
> ChrisADR

Relevant USE flags now masked or stable masked and 1.9 stabilized for amd64 and x86 in the tree.

(In reply to Tim Harder from comment #16)
>
> Relevant USE flags now masked or stable masked and 1.9 stabilized for amd64
> and x86 in the tree.

Thank you very much. Tree is clean now.

@Security please add to an existing glsa or file a new one.

Gentoo Security Padawan
ChrisADR

Downgraded due to remote crash.
GLSA Vote: No