Summary: | <app-text/aspell-0.60.8: stack-based buffer over-read in acommon::unescape in common/getdata.cpp (CVE-2019-17544) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | maintainer-wanted |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | Flags: | stable-bot:
sanity-check+
|
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109 | ||
See Also: | https://github.com/gentoo/gentoo/pull/14967 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
app-text/aspell-0.60.8
|
Runtime testing required: | --- |
Description
Sam James
2020-03-01 03:57:48 UTC
NOTE: Marked as A3 because unknown exploitability. Could arguably be A2. app-text/aspell is B category. sparc stable x86 stable s390 stable amd64 stable ppc stable arm stable ppc64 stable ia64 stable hppa stable arm64 stable The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=297f863bdf8c040987fc3ec6208cff5931eb8f92 commit 297f863bdf8c040987fc3ec6208cff5931eb8f92 Author: Sam James (sam_c) <sam@cmpct.info> AuthorDate: 2020-03-15 17:24:04 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-15 21:15:43 +0000 app-text/aspell: Drop vulnerable Versions <app-text/aspell-0.60.8 are vulnerable, drop them. Closes: https://bugs.gentoo.org/711142 Signed-off-by: Sam James (sam_c) <sam@cmpct.info> Closes: https://github.com/gentoo/gentoo/pull/14967 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> app-text/aspell/Manifest | 2 - app-text/aspell/aspell-0.60.7.ebuild | 103 ------------------------------- app-text/aspell/aspell-0.60.7_rc1.ebuild | 100 ------------------------------ 3 files changed, 205 deletions(-) GLSA Vote: No! Repository is clean, all done! |