Summary: | <sys-libs/glibc-2.30-r6 : x32 memcmp can treat positive length as 0 (if sign bit in RDX is set) (CVE-2019-7309) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | toolchain |
Priority: | Low | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
URL: | https://sourceware.org/bugzilla/show_bug.cgi?id=24155 | ||
Whiteboard: | A4 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 712726 | ||
Bug Blocks: |
Description
D'juan McDonald (domhnall)
2019-02-04 18:56:38 UTC
Fixed in 2.30 Unable to check for sanity:
> dependent bug #712726 is missing keywords
Resetting sanity check; package list is empty or all packages are done. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cce133930b2d85cd8bed66715857ccf550048bbd commit cce133930b2d85cd8bed66715857ccf550048bbd Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2020-05-04 18:35:42 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2020-05-04 18:37:12 +0000 package.mask: Update old glibc mask, now masking <2.30-r8 Bug: https://bugs.gentoo.org/712726 Bug: https://bugs.gentoo.org/677272 Bug: https://bugs.gentoo.org/679044 Bug: https://bugs.gentoo.org/711558 Bug: https://bugs.gentoo.org/717938 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> profiles/package.mask | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Removed from tree, adding to GLSA This issue was resolved and addressed in GLSA 202006-04 at https://security.gentoo.org/glsa/202006-04 by GLSA coordinator Aaron Bauman (b-man). |