Summary: | <dev-libs/libmspack-0.10.1_alpha: buffer overflow in function chmd_read_headers() (CVE-2019-1010305) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | ajak, david, fonts, reavertm |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | Flags: | nattka: sanity-check+ |
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/kyz/libmspack/issues/27 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=719870 https://github.com/gentoo/gentoo/pull/15891 https://github.com/gentoo/gentoo/pull/18824 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | app-arch/cabextract-1.9.1 | ||
Runtime testing required: | --- |
Description
Sam James
2020-03-01 20:24:28 UTC
@maintainer(s): ping

(In reply to Sam James from comment #1)
> @maintainer(s): ping

[14:28:16] <@sam_c> reavertm_: I haven't reviewed https://github.com/gentoo/gentoo/pull/15891 yet but it's a bump for libmspack (may end up doing it myself if it's not OK). I'll do it for the security bug unless you have an objection.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89a8a05de188bd4c1bb7ef9910293788dd6a6850

commit 89a8a05de188bd4c1bb7ef9910293788dd6a6850
Author: David Heidelberg <david@ixit.cz>
AuthorDate: 2020-05-20 12:03:10 +0000
Commit: Maciej Mrozowski <reavertm@gentoo.org>
CommitDate: 2020-08-02 17:30:36 +0000

    dev-libs/libmspack: bump to 0.10.1_alpha

    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: David Heidelberg <david@ixit.cz>
    Bug: https://bugs.gentoo.org/711218
    Closes: https://github.com/gentoo/gentoo/pull/15891
    Signed-off-by: Maciej Mrozowski <reavertm@gentoo.org>

 dev-libs/libmspack/Manifest | 1 +
 dev-libs/libmspack/libmspack-0.10.1_alpha.ebuild | 73 ++++++++++++++++++++++++
 2 files changed, 74 insertions(+)

arm64 done

amd64 done

x86 done

arm done

s390 stable

sparc stable

ppc done

ppc64 stable

hppa stable

Please cleanup. We needed to stable cabextract too.

arm64 done

arm done

ppc64 stable

Looking good on ppc.

# cat cabextract-711218.report
USE tests started on Sa 12. Sep 15:03:13 CEST 2020
FEATURES=' test' USE='' succeeded for =app-arch/cabextract-1.9.1
USE='-extras' succeeded for =app-arch/cabextract-1.9.1
USE='extras' succeeded for =app-arch/cabextract-1.9.1

hppa stable

sparc stable

ppc stable thanks to ernsteiswuerfel!

x86 stable

amd64 done

all arches done

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=992db41a4e6b51729b78139139cd24910b156a65

commit 992db41a4e6b51729b78139139cd24910b156a65
Author: John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-12-27 06:29:30 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2020-12-29 01:59:31 +0000

    dev-libs/libmspack: security cleanup (drop <0.10.1_alpha)

    Bug: https://bugs.gentoo.org/711218
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/18824
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libmspack/Manifest | 1 -
 .../libmspack-0.9.1_alpha-fix-bigendian.patch | 17 -----
 dev-libs/libmspack/libmspack-0.9.1_alpha-r1.ebuild | 75 ----------------------
 3 files changed, 93 deletions(-)