Summary: | <net-libs/miniupnpc-2.0.20171212: buffer overflow | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Luke-Jr <luke-jr+gentoobugs> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | chutzpah, mgorny |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/miniupnp/miniupnp/issues/268 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
=net-libs/miniupnpc-2.0.20171212
|
Runtime testing required: | No |
Description
Luke-Jr
2018-02-16 17:31:26 UTC
@Maintainers could you confirm if we are affected? Maybe 2.0.20171212 is affected, could you clean it if that's the case? Thank you. Both miniupnpd and miniupnpc versions 2.0.20171212 contain the patch from the GitHub issue. (In reply to Patrick McLean from comment #2) > Both miniupnpd and miniupnpc versions 2.0.20171212 contain the patch from > the GitHub issue. Thanks, resolving as INVALID then. What about 2.0.20170509? (In reply to Luke-Jr from comment #4) > What about 2.0.20170509? Oh, sorry, totally missed that one, I tracked miniupnpd instead of miniupnpc... you are right, @maintainers please call for stabilization when ready. Thank you again Luke, =net-libs/miniupnpc-2.0.20171212 still needs to be stabilized and then cleaned. net-misc/miniupnpd was never stable and is cleaned already. @arches, please stabilize. commit e468d3a806be2cc0338e68c3b1a05a72d06501d8 Author: Markus Meier <maekke@gentoo.org> Date: Wed Mar 28 07:03:44 2018 +0200 net-libs/miniupnpc: arm stable, bug #646550 ppc64 stable The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10492091c3daa3562289d0c994988fead61d459e commit 10492091c3daa3562289d0c994988fead61d459e Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-04-20 06:57:01 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-04-20 06:57:01 +0000 net-libs/miniupnpc: stable 2.0.20171212 for ppc, bug #647890 Bug: https://bugs.gentoo.org/647890 Package-Manager: Portage-2.3.28, Repoman-2.3.9 RepoMan-Options: --include-arches="ppc" net-libs/miniupnpc/miniupnpc-2.0.20171212.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)} hppa stable GLSA Vote: No @maintainer(s), please clean the vulnerable. Ping Maintainer(s), Please clean vulnerable. Michael Boyle Gentoo Security Padawan 7480bca9a03d61e1eeef3e7a11cbfedf02921710 cleaned up vulnerable. (In reply to Andreas Sturmlechner from comment #13) > 7480bca9a03d61e1eeef3e7a11cbfedf02921710 cleaned up vulnerable. Thanks, Andreas! |