Summary: | <app-forensics/sleuthkit-4.9.0: Multiple vulnerabilities (CVE-2019-{14531,14532}, CVE-2020-{10232,10233}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | gokturk |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=690194 https://bugs.gentoo.org/show_bug.cgi?id=661160 |
||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 721154 | ||
Bug Blocks: | 661160, 690194 |
Description
Sam James
2020-03-09 08:59:11 UTC
@maintainer(s), please create an appropriate ebuild @maintainer(s): ping The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=811a39b416b02091e788a3788c6b3bad1396e4fb commit 811a39b416b02091e788a3788c6b3bad1396e4fb Author: Göktürk Yüksek <gokturk@gentoo.org> AuthorDate: 2020-05-06 00:01:59 +0000 Commit: Göktürk Yüksek <gokturk@gentoo.org> CommitDate: 2020-05-06 00:06:57 +0000 app-forensics/sleuthkit: bump to 4.9.0 Bug: https://bugs.gentoo.org/711930 Package-Manager: Portage-2.3.69, Repoman-2.3.14 Signed-off-by: Göktürk Yüksek <gokturk@gentoo.org> app-forensics/sleuthkit/Manifest | 2 + app-forensics/sleuthkit/sleuthkit-4.9.0.ebuild | 298 +++++++++++++++++++++++++ 2 files changed, 300 insertions(+) CVE-2019-14532 (https://nvd.nist.gov/vuln/detail/CVE-2019-14532): An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table. CVE-2019-14531 (https://nvd.nist.gov/vuln/detail/CVE-2019-14531): An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c. @maintainer(s), please cleanup The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f51fa4ab5df227dd66c3979406ce194968ff329c commit f51fa4ab5df227dd66c3979406ce194968ff329c Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2020-06-20 01:11:03 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2020-06-20 01:11:03 +0000 app-forensics/sleuthkit: drop vulnerable Bug: https://bugs.gentoo.org/690194 Bug: https://bugs.gentoo.org/711930 Signed-off-by: Aaron Bauman <bman@gentoo.org> app-forensics/sleuthkit/Manifest | 7 - app-forensics/sleuthkit/sleuthkit-4.6.5.ebuild | 270 ----------------------- app-forensics/sleuthkit/sleuthkit-4.6.6.ebuild | 270 ----------------------- app-forensics/sleuthkit/sleuthkit-4.6.7.ebuild | 268 ----------------------- app-forensics/sleuthkit/sleuthkit-4.7.0.ebuild | 289 ------------------------ app-forensics/sleuthkit/sleuthkit-4.8.0.ebuild | 292 ------------------------- 6 files changed, 1396 deletions(-) |