Summary: | <net-misc/rsync-3.1.2-r1: Heap-based buffer over-read in receive_xattr function (CVE-2017-16548) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | base-system |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://bugzilla.samba.org/show_bug.cgi?id=13112 | | |
See Also: | https://github.com/gentoo/gentoo/pull/6206 | | |
Whiteboard: | A3 [glsa+ cve] | | |
Package list: | =net-misc/rsync-3.1.2-r1 | | |
Runtime testing required: | --- | | |
Bug Depends on: | 640570 | | |
Bug Blocks: | | | |
Description
GLSAMaker/CVETool Bot
2017-11-06 17:53:34 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=61f33ecb79092b9b86d8a95da0950215e6194122

commit 61f33ecb79092b9b86d8a95da0950215e6194122
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2017-11-14 22:40:01 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2017-11-14 22:40:01 +0000

    net-misc/rsync: Rev bump to fix CVE-2017-16548

    Bug: https://bugs.gentoo.org/636714
    Package-Manager: Portage-2.3.13, Repoman-2.3.4

 .../rsync/files/rsync-3.1.2-CVE-2017-16548.patch | 17 +++++
 net-misc/rsync/rsync-3.1.2-r1.ebuild | 89 ++++++++++++++++++++++
 2 files changed, 106 insertions(+)

@ Arches, please test and mark stable: =net-misc/rsync-3.1.2-r1

amd64 stable

ppc/ppc64 stable

x86 stable

ia64 stable

Stable on alpha.

hppa is already stable by

commit 82185532b04f834a3ec3433d259323feaad694ac
Author: Jeroen Roovers <jer@gentoo.org>
Date: Thu Nov 16 08:58:42 2017 +0100

    net-misc/rsync: Stable for HPPA too.

sparc stable (thanks to Rolf Eike Beer)

arm stable

Superseded by bug 640570.

Added to an existing GLSA.

This issue was resolved and addressed in GLSA 201801-16 at https://security.gentoo.org/glsa/201801-16 by GLSA coordinator Mikle Kolyada (Zlogene).