| Summary: |
<dev-libs/crypto++-5.6.5-r1: Out-of-bounds read in zinflate (CVE-2017-9434) |
| Product: |
Gentoo Security
|
Reporter: |
Agostino Sarubbo <ago> |
| Component: |
Vulnerabilities | Assignee: |
Gentoo Security <security> |
| Status: |
RESOLVED
FIXED
|
|
|
| Severity: |
minor
|
CC: |
alonbl, crypto+disabled, noloader
|
| Priority: |
Normal
|
Flags: |
stable-bot:
sanity-check+
|
| Version: |
unspecified | |
|
| Hardware: |
All | |
|
| OS: |
Linux | |
|
| URL: |
https://bugzilla.redhat.com/show_bug.cgi?id=1458790
|
| Whiteboard: |
B3 [noglsa cve] |
|
Package list:
|
=dev-libs/crypto++-5.6.5-r1 alpha amd64 arm64 hppa ppc ppc64 sparc x86
|
Runtime testing required:
|
---
|
|---|
From ${URL} : Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter. Upstream issue: https://github.com/weidai11/cryptopp/issues/414 Upstream patch: https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.