Summary: | <app-crypt/veracrypt-1.24_p2: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Frank Krömmelbein <kroemmelbein> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gokturk, jstein |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=705436 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Frank Krömmelbein
2019-12-19 08:03:46 UTC
SECURITY Add this on all security related issues. ^ This is not a bug for the security team. Any reason why this bug is keyworded with SECURITY? I guess we can assume these two to be of importance: Fix off by one buffer overflow in function Process::Execute (Reported and fixed by Hanno Böck) Make sure password gets deleted in case of internal error when mounting volume (Reported and fixed by Hanno Böck) Re-keywording. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=203783d176b8f801bd640c5c1eaa372b6ea29e3e commit 203783d176b8f801bd640c5c1eaa372b6ea29e3e Author: Göktürk Yüksek <gokturk@gentoo.org> AuthorDate: 2019-12-19 22:42:33 +0000 Commit: Göktürk Yüksek <gokturk@gentoo.org> CommitDate: 2019-12-19 22:48:27 +0000 app-crypt/veracrypt: bump to 1.24-Update2 Bug: https://bugs.gentoo.org/703340 Closes: https://bugs.gentoo.org/698936 Package-Manager: Portage-2.3.79, Repoman-2.3.18 Signed-off-by: Göktürk Yüksek <gokturk@gentoo.org> app-crypt/veracrypt/Manifest | 1 + ...racrypt-1.24_p2-revert-wxwidgets-breakage.patch | 100 +++++++++++++++++ app-crypt/veracrypt/veracrypt-1.24_p2.ebuild | 120 +++++++++++++++++++++ 3 files changed, 221 insertions(+) The new version runs smoothly here. Can the stabilization now be started for app-crypt/veracrypt-1.24_p2 ? The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df1ce05286d75dd247e17489b8dacb5a833bb45a commit df1ce05286d75dd247e17489b8dacb5a833bb45a Author: Göktürk Yüksek <gokturk@gentoo.org> AuthorDate: 2020-03-30 11:15:02 +0000 Commit: Göktürk Yüksek <gokturk@gentoo.org> CommitDate: 2020-03-30 12:20:06 +0000 app-crypt/veracrypt: remove old Bug: https://bugs.gentoo.org/703340 Package-Manager: Portage-2.3.69, Repoman-2.3.14 Signed-off-by: Göktürk Yüksek <gokturk@gentoo.org> app-crypt/veracrypt/Manifest | 3 - app-crypt/veracrypt/veracrypt-1.23.ebuild | 96 ---------------------- app-crypt/veracrypt/veracrypt-1.24-r1.ebuild | 117 --------------------------- app-crypt/veracrypt/veracrypt-1.24-r2.ebuild | 117 --------------------------- app-crypt/veracrypt/veracrypt-1.24.ebuild | 100 ----------------------- app-crypt/veracrypt/veracrypt-1.24_p1.ebuild | 117 --------------------------- 6 files changed, 550 deletions(-) Older vulnerable versions are removed and the secure version is in stable. It should be safe to close this bug now. (In reply to Göktürk Yüksek from comment #6) > Older vulnerable versions are removed and the secure version is in stable. > It should be safe to close this bug now. Great, thank you! We'll move it to the glsa? step. |