Summary: | <sys-libs/musl-1.1.18: Buffer overflow vulnerability (CVE-2017-15650) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | blueness, lu_zero, toolchain |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://git.musl-libc.org/cgit/musl/tree/WHATSNEW | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2017-10-31 15:16:29 UTC
@Maintainers please confirm if we are affected, call for stabilization when ready in that case. Thank you (In reply to Christopher Díaz from comment #1) > @Maintainers please confirm if we are affected, call for stabilization when > ready in that case. > > Thank you We are. Since this is a libc I will take care of the stabilization on all arches. I've already stabilized amd64 and x86, and will work on arm and ppc next. This can be closed now. 1.1.16 is still in the tree and is vulnerable. (In reply to Aaron Bauman from comment #4) > 1.1.16 is still in the tree and is vulnerable. I'll try to get to arm and ppc soon, but its a lot of work to build the stage3's. (In reply to Anthony Basile from comment #5) > (In reply to Aaron Bauman from comment #4) > > 1.1.16 is still in the tree and is vulnerable. > > I'll try to get to arm and ppc soon, but its a lot of work to build the > stage3's. Understandable and thanks! (In reply to Aaron Bauman from comment #6) > (In reply to Anthony Basile from comment #5) > > (In reply to Aaron Bauman from comment #4) > > > 1.1.16 is still in the tree and is vulnerable. > > > > I'll try to get to arm and ppc soon, but its a lot of work to build the > > stage3's. > > Understandable and thanks! okay all done. versions < 1.1.18 are all off the tree. |