Summary: | dev-libs/confuse: Out-of-bounds read in src/lexer.l:trim_whitespace() (CVE-2018-14447) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | jer, pinkbyte |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/martinh/libconfuse/issues/109 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2018-08-22 23:18:47 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4c2385e6d6f176d0dc4a2d91b5a36ea883b89f3f commit 4c2385e6d6f176d0dc4a2d91b5a36ea883b89f3f Author: Jeroen Roovers <jer@gentoo.org> AuthorDate: 2018-11-26 10:17:07 +0000 Commit: Jeroen Roovers <jer@gentoo.org> CommitDate: 2018-11-26 10:17:58 +0000 dev-libs/confuse: Version 3.2.2 Package-Manager: Portage-2.3.52, Repoman-2.3.12 Bug: https://bugs.gentoo.org/664328 Signed-off-by: Jeroen Roovers <jer@gentoo.org> dev-libs/confuse/Manifest | 1 + dev-libs/confuse/confuse-3.2.2.ebuild | 53 +++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=200ea45a05f7777a7bf4538426157d5f5a4e4115 commit 200ea45a05f7777a7bf4538426157d5f5a4e4115 Author: Jeroen Roovers <jer@gentoo.org> AuthorDate: 2018-11-26 10:19:28 +0000 Commit: Jeroen Roovers <jer@gentoo.org> CommitDate: 2018-11-26 10:19:51 +0000 dev-libs/confuse: Old Package-Manager: Portage-2.3.52, Repoman-2.3.12 Bug: https://bugs.gentoo.org/664328 Signed-off-by: Jeroen Roovers <jer@gentoo.org> dev-libs/confuse/Manifest | 1 - dev-libs/confuse/confuse-3.2.1.ebuild | 50 ----------------------------------- 2 files changed, 51 deletions(-) 3.0 is still stable and vulnerable 3.1 <= VERSION < 3.2.2 have left the tree. Vulnerable versions was never in stable Closing this as fixed, thanks guys |