| Summary: | <dev-libs/libofx-0.9.14: Stack-based buffer over-write in sanitize_proprietary_tags function in lib/ofx_preproc.cpp (CVE-2017-2816) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | maintainer-needed |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1492201 | | |
| Whiteboard: | B2 [glsa+ cve] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 662910 | | |
| Bug Blocks: | | | |

Description
Agostino Sarubbo
2017-09-18 06:57:13 UTC
Fixed in 0.9.12

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=451fc2c8ff8cb638785cb2a51d722da9e35700e3

commit 451fc2c8ff8cb638785cb2a51d722da9e35700e3
Author: Aaron Bauman <bman@gentoo.org>
AuthorDate: 2019-08-18 02:06:31 +0000
Commit: Aaron Bauman <bman@gentoo.org>
CommitDate: 2019-08-18 02:13:31 +0000

    dev-libs/libofx: bump package

    * non-maintainer security bump
    * drop PPC/PPC64 keywords due to new dep on dev-util/gengetopt
    * move from autotools-utils to autotools eclass
    * bump EAPI
    * Update HOMEPAGE and SRC_URI
    * move RDEPEND deps to DEPEND where they belong

    Bug: https://bugs.gentoo.org/631304
    Bug: https://bugs.gentoo.org/636062
    Bug: https://bugs.gentoo.org/662910
    Closes: https://bugs.gentoo.org/675152
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 dev-libs/libofx/Manifest | 1 +
 dev-libs/libofx/libofx-0.9.14.ebuild | 56 ++++++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+)

This issue was resolved and addressed in GLSA 201908-26 at https://security.gentoo.org/glsa/201908-26 by GLSA coordinator Thomas Deutschmann (whissi).