Summary: | <net-libs/libsoup-2.56.1: stack based buffer overflow with HTTP Chunked Encoding | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | gnome |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2017/08/10/1 | ||
Whiteboard: | A2 [glsa cve] | ||
Package list: | net-libs/libsoup-2.56.1 |
Runtime testing required: | --- |
Description
Agostino Sarubbo
2017-08-10 15:43:53 UTC
Hello security, just pushed 2.56.1 to the tree. It is ready for stabilization as it appears to contain no other change to the already stable 2.56.0.

ia64 stable

arm stable

amd64 stable

x86 stable

Stable on alpha.

sparc was dropped to exp. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9

Since bug 630516 is no regression and 2.56.1 has far less failing tests on sparc than the currently stable 2.56.0 I would suggest marking 2.56.1 stable on sparc.

stable for hppa/sparc (thanks to Rolf Eike Beer)

ppc64 stable

ppc stable

Last arch is done here. Test failures don't block sec bugs. New GLSA Request filed. @Maintainers please remove vulnerable versions. Gentoo Security Padawan ChrisADR

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a3eef0539cac8c5876d9f409e33f095de38ce18c

commit a3eef0539cac8c5876d9f409e33f095de38ce18c
Author: Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2017-09-26 09:39:07 +0000
Commit: Mart Raudsepp <leio@gentoo.org>
CommitDate: 2017-09-26 09:40:30 +0000

    net-libs/libsoup: security cleanup

    Bug: https://bugs.gentoo.org/627466
    Package-Manager: Portage-2.3.8, Repoman-2.3.2

 net-libs/libsoup/Manifest | 1 -
 net-libs/libsoup/libsoup-2.56.0.ebuild | 88 ----------------------------------
 2 files changed, 89 deletions(-)

This issue was resolved and addressed in GLSA 201709-26 at https://security.gentoo.org/glsa/201709-26 by GLSA coordinator Aaron Bauman (b-man).