Summary: | <dev-libs/oniguruma-6.9.3: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Arfrever Frehtes Taifersar Arahesis <arfrever.fta> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | cjk |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: | dev-libs/oniguruma-6.9.3 | ||
Runtime testing required: | --- |
Description
Arfrever Frehtes Taifersar Arahesis
2019-08-09 15:15:45 UTC
arm64 stable

sparc stable

ia64 stable

hppa stable

s390 stable

ppc stable

ppc64 stable

alpha stable

arm stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db845c227640ab479b9bc5992de5580c3ca7688c

commit db845c227640ab479b9bc5992de5580c3ca7688c
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-09-12 21:07:09 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-09-12 21:07:28 +0000

dev-libs/oniguruma: security cleanup (#691832)

Bug: https://bugs.gentoo.org/691832
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

dev-libs/oniguruma/Manifest | 2 --
dev-libs/oniguruma/oniguruma-6.9.1.ebuild | 32 -------------------------------
dev-libs/oniguruma/oniguruma-6.9.2.ebuild | 32 -------------------------------
3 files changed, 66 deletions(-)

New GLSA request filed.

https://github.com/kkos/oniguruma/commit/4e72afff1d360cf37cf9cccdba70946f074cb60a
"""
add CVE-2019-16163 in README.md
"""

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16163:
"""
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
"""

This issue was resolved and addressed in GLSA 201911-03 at https://security.gentoo.org/glsa/201911-03 by GLSA coordinator Aaron Bauman (b-man).