Summary: | <app-arch/unzip-6.0_p25: DoS via ZIP bomb | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | Keywords: | STABLEREQ |
Version: | unspecified | Flags: | stable-bot: sanity-check+ |
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa+ cve glsa+] | ||
Package list: | app-arch/unzip-6.0_p25 | ||
Runtime testing required: | --- |
Bug Depends on: | 698694 | ||
Bug Blocks: | 647008 |
Description
Hanno Böck
2019-08-06 13:49:07 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fbf679e99554488d9d20c3cecaf4063733f70e6f

    commit fbf679e99554488d9d20c3cecaf4063733f70e6f
    Author: Aaron Bauman <bman@gentoo.org>
    AuthorDate: 2019-08-10 15:46:38 +0000
    Commit: Thomas Deutschmann <whissi@gentoo.org>
    CommitDate: 2019-08-10 17:07:29 +0000

        app-arch/unzip: bump to Debian patchset 25

        Bug: https://bugs.gentoo.org/647008
        Bug: https://bugs.gentoo.org/691566
        Signed-off-by: Aaron Bauman <bman@gentoo.org>
        Closes: https://github.com/gentoo/gentoo/pull/12670
        Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

    app-arch/unzip/Manifest | 1 +
    app-arch/unzip/unzip-6.0_p25.ebuild | 86 +++++++++++++++++++++++++++++++++++++
    2 files changed, 87 insertions(+)

@base-system, please call for stable when ready.

amd64 stable

arm stable

arm64 stable

s390 stable

alpha stable

hppa stable

sparc stable

ppc64 stable

ia64 stable

Looking good on ppc. Tests fail like on other 32-bit arches (bug #698694).

    # cat unzip-691566.report
    USE tests started on Di 21. Jan 01:08:56 CET 2020
    FEATURES=' test' failed for =app-arch/unzip-6.0_p25
    USE='-bzip2 -natspec -unicode' succeeded for =app-arch/unzip-6.0_p25
    USE='bzip2 -natspec -unicode' succeeded for =app-arch/unzip-6.0_p25
    USE='-bzip2 natspec -unicode' succeeded for =app-arch/unzip-6.0_p25
    USE='bzip2 natspec -unicode' succeeded for =app-arch/unzip-6.0_p25
    USE='-bzip2 -natspec unicode' succeeded for =app-arch/unzip-6.0_p25
    USE='bzip2 -natspec unicode' succeeded for =app-arch/unzip-6.0_p25
    USE='-bzip2 natspec unicode' succeeded for =app-arch/unzip-6.0_p25
    USE='bzip2 natspec unicode' succeeded for =app-arch/unzip-6.0_p25
    revdep tests started on Di 21. Jan 01:28:32 CET 2020
    FEATURES=' test' USE='web' succeeded for net-analyzer/nagios-core
    FEATURES=' test' USE='' succeeded for app-admin/analog
    FEATURES=' test' USE='-minimal' succeeded for app-misc/unfoo
    FEATURES=' test' USE='' succeeded for www-misc/htdig
    FEATURES=' test' USE='' succeeded for app-vim/rainbow_parentheses
    FEATURES=' test' USE='' succeeded for app-vim/perlomni

ppc stable thanks to ernsteiswuerfel!

SuperH port disbanded.

Added to an existing GLSA request.

This issue was resolved and addressed in GLSA 202003-58 at https://security.gentoo.org/glsa/202003-58 by GLSA coordinator Thomas Deutschmann (whissi).

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3c37adbe2dbe3a23b257d6cb157e88b303c54854

    commit 3c37adbe2dbe3a23b257d6cb157e88b303c54854
    Author: Thomas Deutschmann <whissi@gentoo.org>
    AuthorDate: 2020-03-26 18:23:28 +0000
    Commit: Thomas Deutschmann <whissi@gentoo.org>
    CommitDate: 2020-03-26 18:24:51 +0000

        app-arch/unzip: security cleanup (bug #691566)

        Bug: https://bugs.gentoo.org/691566
        Package-Manager: Portage-2.3.96, Repoman-2.3.22
        Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

    app-arch/unzip/Manifest | 1 -
    app-arch/unzip/unzip-6.0_p21-r2.ebuild | 86 ----------------------------------
    2 files changed, 87 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af08bf9e16e9a2e3e1e6a14d31c70260835882a9

    commit af08bf9e16e9a2e3e1e6a14d31c70260835882a9
    Author: Thomas Deutschmann <whissi@gentoo.org>
    AuthorDate: 2020-03-26 18:22:34 +0000
    Commit: Thomas Deutschmann <whissi@gentoo.org>
    CommitDate: 2020-03-26 18:24:30 +0000

        app-arch/unzip: mark x86 & m68k stable (bug #691566)

        Bug: https://bugs.gentoo.org/691566
        Package-Manager: Portage-2.3.96, Repoman-2.3.22
        Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

    app-arch/unzip/unzip-6.0_p25-r1.ebuild | 2 +-
    1 file changed, 1 insertion(+), 1 deletion(-)