Summary: | <sys-devel/patch-2.7.6-r3: Double free of memory in pch.c:another_hunk() causes a crash (CVE-2018-6952) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 652710 | ||
Bug Blocks: |
Description
GLSAMaker/CVETool Bot
Upstream fix: http://git.savannah.nongnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300

Hopefully, it will be in the next release.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5c55ece4eee17a954740b8ecc03b1cb8ed58c123

    commit 5c55ece4eee17a954740b8ecc03b1cb8ed58c123
    Author:     Thomas Deutschmann <whissi@gentoo.org>
    AuthorDate: 2019-03-28 00:32:30 +0000
    Commit:     Thomas Deutschmann <whissi@gentoo.org>
    CommitDate: 2019-03-28 00:33:05 +0000

        sys-devel/patch: add patches for CVE-2018-{6951,6952}, CVE-2018-1000156

        Bug: https://bugs.gentoo.org/647792
        Bug: https://bugs.gentoo.org/647794
        Bug: https://bugs.gentoo.org/652710
        Package-Manager: Portage-2.3.62, Repoman-2.3.12
        Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

     .../patch/files/patch-2.7.6-CVE-2018-1000156.patch | 150 +++++++++++++++++++++
     .../patch/files/patch-2.7.6-CVE-2018-6951.patch    |  29 ++++
     .../patch/files/patch-2.7.6-CVE-2018-6952.patch    |  30 +++++
     ...-files-to-be-missing-for-ed-style-patches.patch |  25 ++++
     sys-devel/patch/patch-2.7.6-r3.ebuild              |  40 ++++++
     5 files changed, 274 insertions(+)

This issue was resolved and addressed in GLSA 201904-17 at https://security.gentoo.org/glsa/201904-17 by GLSA coordinator Aaron Bauman (b-man).