Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 631130

Summary: <net-dns/libidn-1.33-r2: Integer overflow results in denial of service (CVE-2017-14062)
Product: Gentoo Security Reporter: Aleksandr Wagner (Kivak) <alwag>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: jer
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa cve]
Package list:
=net-dns/libidn-1.33-r2
Runtime testing required: ---

Description Aleksandr Wagner (Kivak) 2017-09-16 16:15:16 UTC
In bug 629466 Jeroen Roovers found that net-dns/libidn is vulnerible to the same CVE that net-dns/libidn2 is.

References:

http://git.savannah.gnu.org/gitweb/?p=libidn.git;a=commit;h=e9e81b8063b095b02cf104bb992fa9bf9515b9d8

@Maintainer: Please state when this package is ready for stabilization as the patch has been added.
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2017-10-05 11:18:25 UTC
Needs another libidn commit, it seems.
http://git.savannah.gnu.org/gitweb/?p=libidn.git;a=commit;h=6c8a9375641ca283b50f9680c90dcd57f9c44798
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-01-23 01:58:43 UTC
@arches, please stabilize.
Comment 3 Agostino Sarubbo gentoo-dev 2018-01-23 16:42:30 UTC
amd64 stable
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2018-01-26 18:22:09 UTC
x86 stable
Comment 5 Tobias Klausmann (RETIRED) gentoo-dev 2018-01-28 18:23:27 UTC
Stable on alpha.
Comment 6 Markus Meier gentoo-dev 2018-02-05 21:20:24 UTC
arm stable
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2018-02-05 23:22:36 UTC
ia64 stable
Comment 8 Mart Raudsepp gentoo-dev 2018-03-03 14:18:38 UTC
arm64 stable
Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev 2018-03-04 10:16:42 UTC
ppc stable
Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev 2018-03-04 19:47:23 UTC
commit 498c8ad85ef008c556f801bd887af6270c105040
Author: Jeroen Roovers <jer@gentoo.org>
Date:   Sun Mar 4 14:22:16 2018 +0100

    net-dns/libidn: Stable for HPPA too.
Comment 11 Matt Turner gentoo-dev 2018-03-12 01:53:59 UTC
ppc64 done. last arch done
Comment 12 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-03-12 17:55:50 UTC
@Maintainer please proceed to clean tree from vulnerable versions.

GLSA Vote: No
Comment 13 Aaron Bauman (RETIRED) gentoo-dev 2018-04-23 02:43:45 UTC
@maintainer, please clean the vulnerable.