Summary: | <app-arch/libarchive-3.4.0: use-after-free in a certain ARCHIVE_FAILED situation (CVE-2019-18408) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | mgorny |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: |
app-arch/libarchive-3.4.0
app-crypt/libb2-0.98.1-r2
|
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2019-11-03 12:55:46 UTC
Let's stabilize 3.4.0 then. An automated check of this bug failed - repoman reported dependency errors (43 lines truncated):
> dependency.bad app-arch/libarchive/libarchive-3.4.0.ebuild: DEPEND: amd64(default/linux/amd64/17.0) ['app-crypt/libb2[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.bad app-arch/libarchive/libarchive-3.4.0.ebuild: RDEPEND: amd64(default/linux/amd64/17.0) ['app-crypt/libb2[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.bad app-arch/libarchive/libarchive-3.4.0.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['app-crypt/libb2[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_riscv_lp64d(-)?,abi_riscv_lp64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
An automated check of this bug succeeded - the previous repoman errors are now resolved. arm64 stable amd64 stable x86 stable sparc stable s390 stable ppc64 stable hppa stable ppc stable ia64 stable arm stable m68k stable sh stable Cleanup done. New GLSA request filed. This issue was resolved and addressed in GLSA 202003-28 at https://security.gentoo.org/glsa/202003-28 by GLSA coordinator Thomas Deutschmann (whissi). |