Summary: | <dev-libs/hiredis-0.14.1: NULL pointer dereference in async.c and dict.c in libhiredis.a (CVE-2020-7105) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | fedeliallalinea, python, swegener |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/15272 | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: | dev-libs/hiredis-0.14.1 |
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2020-02-25 00:07:02 UTC
Upstream patches:
https://github.com/redis/hiredis/pull/754
https://github.com/redis/hiredis/pull/756

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5156bbc233ee9e74417ccde7bc7430be672cb9f

commit b5156bbc233ee9e74417ccde7bc7430be672cb9f
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-20 20:21:57 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-20 20:21:57 +0000

    dev-libs/hiredis: bump to v0.14.1

    Bug: https://bugs.gentoo.org/710734
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-libs/hiredis/Manifest | 1 +
 dev-libs/hiredis/hiredis-0.14.1.ebuild | 79 ++++++++++++++++++++++++++++++++++
 2 files changed, 80 insertions(+)

s390 stable

sparc stable

amd64 stable

note: cannot cleanup until we figure out what to do about dev-python/hiredis?

https://github.com/gentoo/gentoo/commit/1708e9d77e76b36c82f271bd1b03ff1c72b263a0

The ABI change was minimal in this case:
https://abi-laboratory.pro/index.php?view=timeline&l=hiredis

(In reply to sam_c (Security Padawan) from comment #6)
> note: cannot cleanup until we figure out what to do about dev-python/hiredis?
>
> https://github.com/gentoo/gentoo/commit/1708e9d77e76b36c82f271bd1b03ff1c72b263a0
>
> The ABI change was minimal in this case:
> https://abi-laboratory.pro/index.php?view=timeline&l=hiredis

I misunderstood what this meant, please ignore!

arm stable

x86 stable

ia64 stable

ppc stable

hppa stable

ppc64 stable

arm64 stable

@maintainer(s), please cleanup

Arches, Thank you for your work.
GLSA Vote: Yes
Maintainer(s), please drop the vulnerable version(s).

Resetting sanity check; keywords are not fully specified and arches are not CC-ed.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7e63f04c278459cbb77c1631048619f55139b948

commit 7e63f04c278459cbb77c1631048619f55139b948
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-04-10 22:12:13 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-04-10 22:12:13 +0000

    dev-libs/hiredis: security cleanup

    Bug: https://bugs.gentoo.org/710734
    Package-Manager: Portage-2.3.98, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-libs/hiredis/Manifest | 2 -
 dev-libs/hiredis/hiredis-0.13.3.ebuild | 79 ----------------------------------
 dev-libs/hiredis/hiredis-0.14.0.ebuild | 79 ----------------------------------
 3 files changed, 160 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2acf7b525f116eb46f7a62ee404f7d62bb18c712

commit 2acf7b525f116eb46f7a62ee404f7d62bb18c712
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-04-09 03:40:15 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-04-12 06:29:06 +0000

    dev-libs/hiredis: drop vulnerable

    Bug: https://bugs.gentoo.org/710734
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Closes: https://github.com/gentoo/gentoo/pull/15272
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-libs/hiredis/Manifest | 2 -
 dev-libs/hiredis/hiredis-0.13.3.ebuild | 79 ----------------------------------
 dev-libs/hiredis/hiredis-0.14.0.ebuild | 79 ----------------------------------
 3 files changed, 160 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=affbbbb69cedad882ac9906141f2f63d7d9f3525

commit affbbbb69cedad882ac9906141f2f63d7d9f3525
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-04-11 05:17:08 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-04-12 06:29:01 +0000

    dev-python/hiredis: drop to ~arch, cleanup

    Needed to clean up vulnerable dev-libs/hiredis.
    No reverse dependencies.

    Bug: https://bugs.gentoo.org/710734
    Acked-by: Michał Górny <mgorny@gentoo.org>
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-python/hiredis/Manifest | 1 -
 dev-python/hiredis/hiredis-0.2.0-r1.ebuild | 21 ---------------------
 dev-python/hiredis/hiredis-0.2.0-r3.ebuild | 24 ------------------------
 3 files changed, 46 deletions(-)

No GLSA. Tree is clean.