Summary: | <app-emulation/qemu-4.2.0-r2: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | slyfox, tamiko, virtualization |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: |
app-emulation/qemu-4.2.0-r2
|
Runtime testing required: | --- |
Description
Agostino Sarubbo
2020-02-13 14:36:44 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91b9bba62a5dd73e32bd43434bdaebf8914579ff commit 91b9bba62a5dd73e32bd43434bdaebf8914579ff Author: Matthias Maier <tamiko@gentoo.org> AuthorDate: 2020-03-13 18:21:03 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2020-03-13 18:22:10 +0000 app-emulation/qemu: update slirp to current master Bug: https://bugs.gentoo.org/709490 Package-Manager: Portage-2.3.93, Repoman-2.3.20 Signed-off-by: Matthias Maier <tamiko@gentoo.org> app-emulation/qemu/Manifest | 1 + app-emulation/qemu/qemu-4.2.0-r2.ebuild | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) New GLSA request filed. amd64 stable x86 stable. Maintainer(s), please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df6de6a40066f332b6440ee6b02e68bcb85828bd commit df6de6a40066f332b6440ee6b02e68bcb85828bd Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2020-03-19 08:15:13 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2020-03-19 08:15:47 +0000 app-emulation/qemu: drop <qemu-4.2.0-r2, bug #709490 Bug: https://bugs.gentoo.org/709490 Package-Manager: Portage-2.3.94, Repoman-2.3.21 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> app-emulation/qemu/qemu-4.2.0-r1.ebuild | 829 -------------------------------- 1 file changed, 829 deletions(-) This issue was resolved and addressed in GLSA 202003-66 at https://security.gentoo.org/glsa/202003-66 by GLSA coordinator Thomas Deutschmann (whissi). |