Summary: | <app-arch/rzip-2.1-r3: Heap-buffer overflow in the read_buf function (CVE-2017-8364) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | maintainer-needed |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/ | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2017-05-09 18:29:49 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5eb9348bf05fc2aa8bb21426e1446223a10fe5e9

commit 5eb9348bf05fc2aa8bb21426e1446223a10fe5e9
Author: David Seifert <soap@gentoo.org>
AuthorDate: 2017-12-29 12:45:49 +0000
Commit: David Seifert <soap@gentoo.org>
CommitDate: 2017-12-29 13:16:33 +0000

    app-arch/rzip: Revbump for CVE-2017-8364

    Bug: https://bugs.gentoo.org/618020
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 app-arch/rzip/files/rzip-2.1-CVE-2017-8364.patch | 33 ++++++++++++++++++++++
 .../{rzip-2.1-r2.ebuild => rzip-2.1-r3.ebuild} | 5 +++-
 2 files changed, 37 insertions(+), 1 deletion(-)

Patch added and revbumped, no vulnerable ebuilds remaining.