Summary: | <dev-util/bsdiff-4.3-r4: Improper checking of input allows arbitrary write on heap (CVE-2014-9862) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | Flags: | stable-bot: sanity-check+ |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/14970 https://github.com/gentoo/gentoo/pull/15002 | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: | dev-util/bsdiff-4.3-r4 | ||
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2019-12-03 00:38:55 UTC
Patch (ChromiumOS): https://chromium.googlesource.com/chromiumos/third_party/bsdiff/+/d0307d1711bd74e51b783a49f9160775aa22e659%5E%21/#F0

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4d7646f1d69122a3f49925119a92834c20a1aee

commit f4d7646f1d69122a3f49925119a92834c20a1aee
Author: Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-03-15 18:21:54 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-15 21:06:07 +0000

    dev-util/bsdiff: Fix CVE-2014-9862

    Includes a patch from ChromiumOS.

    Bug: https://bugs.gentoo.org/701848
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Closes: https://github.com/gentoo/gentoo/pull/14970
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-util/bsdiff/bsdiff-4.3-r4.ebuild | 35 ++++++++++++++++++++++
 .../bsdiff/files/bsdiff-4.3-CVE-2014-9862.patch | 15 ++++++++++
 2 files changed, 50 insertions(+)

sparc stable

hppa stable

amd64 stable

ppc stable

ia64 stable

x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a90ac2818a5f4f7cb1358f8d679c523801d0e7b2

commit a90ac2818a5f4f7cb1358f8d679c523801d0e7b2
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-19 18:31:41 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-19 18:31:53 +0000

    dev-util/bsdiff: security cleanup (bug #701848)

    Bug: https://bugs.gentoo.org/701848
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-util/bsdiff/bsdiff-4.3-r3.ebuild | 36 ------------------------------------
 1 file changed, 36 deletions(-)

New GLSA request filed.

This issue was resolved and addressed in GLSA 202003-44 at https://security.gentoo.org/glsa/202003-44 by GLSA coordinator Thomas Deutschmann (whissi).