| Summary: | <dev-lang/tcc-0.9.27_p20211022: Multiple vulnerabilities (CVE-2019-{9754,12495}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | ajak, dlan |
| Priority: | Normal | Keywords: | PATCH |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://lists.nongnu.org/archive/html/tinycc-devel/2019-05/msg00044.html | | |
| Whiteboard: | ~3 [noglsa cve] | | |
| Package list: | Runtime testing required: | --- | |

Description
D'juan McDonald (domhnall)
2019-06-01 04:34:13 UTC
CVE-2019-9754 (https://nvd.nist.gov/vuln/detail/CVE-2019-9754):
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 1 byte out of bounds write in the end_macro function in tccpp.c.

ping

(In reply to GLSAMaker/CVETool Bot from comment #1)
> CVE-2019-9754 (https://nvd.nist.gov/vuln/detail/CVE-2019-9754):
> An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27.
> Compiling a crafted source file leads to an 1 byte out of bounds write in
> the end_macro function in tccpp.c.

"Fixed in mob" (https://lists.nongnu.org/archive/html/tinycc-devel/2019-03/msg00042.html). So any snapshot of git would work.

Ping

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=717eba5b5cfb78b1438c348882b34c88b3dc173a

commit 717eba5b5cfb78b1438c348882b34c88b3dc173a
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-10-25 12:34:24 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-10-25 12:35:11 +0000

    dev-lang/tcc: add 0.9.27_p20211022 (glibc-2.34, security fixes)

    Upstream development seems to just be rolling now too.

    Closes: https://bugs.gentoo.org/806511
    Bug: https://bugs.gentoo.org/737092
    Bug: https://bugs.gentoo.org/715428
    Bug: https://bugs.gentoo.org/765652
    Bug: https://bugs.gentoo.org/687114
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-lang/tcc/Manifest                    |  1 +
 dev-lang/tcc/tcc-0.9.27_p20211022.ebuild | 80 ++++++++++++++++++++++++++++++++
 dev-lang/tcc/tcc-9999.ebuild             | 43 ++++++++++-------
 3 files changed, 106 insertions(+), 18 deletions(-)

Tree is clean