Summary: | <sys-libs/newlib-3.3.0: Multiple vulnerabilities (CVE-2019-{14871,14872,14873,14874,14875,14876,14877,14878}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | bertrand, lu_zero, toolchain |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/ | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 717610 | ||
Bug Blocks: |
Description
Sam James
2020-03-18 19:30:19 UTC
@maintainer(s), please advise if ready for stabilisation, or call yourself. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae8fe4521b047d71437f98218ff595715f41cfc9 commit ae8fe4521b047d71437f98218ff595715f41cfc9 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2020-03-31 07:02:28 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2020-03-31 07:02:28 +0000 sys-libs/newlib: drop old, bug #713284 Bug: https://bugs.gentoo.org/713284 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> sys-libs/newlib/Manifest | 3 - sys-libs/newlib/newlib-2.2.0.ebuild | 81 --------------------- sys-libs/newlib/newlib-2.5.0.ebuild | 139 ----------------------------------- sys-libs/newlib/newlib-3.1.0.ebuild | 141 ------------------------------------ 4 files changed, 364 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed3befc9560963f41c7c8cc2c215c3ff0d8b4355 commit ed3befc9560963f41c7c8cc2c215c3ff0d8b4355 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2020-03-31 07:01:34 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2020-03-31 07:01:34 +0000 sys-libs/newlib: drop stable keywords, bug #713284 The package is only used to bootstrap embedded cross-compilers. Stable keywords don't make much sense. Let users manage keywords themselves. Bug: https://bugs.gentoo.org/713284 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> sys-libs/newlib/newlib-2.2.0.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Cleanup was done and stable keywords were dropped. I just realised: 3.1.0 is still in tree. That should be dropped too, if we can. 3.1.0 had to be reinstated for bug #717610 (In reply to Sergei Trofimovich from comment #5) > 3.1.0 had to be reinstated for bug #717610 Ah, thanks. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e7d448666bf391567ce16b2c394edbb753ad0386 commit e7d448666bf391567ce16b2c394edbb753ad0386 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2020-05-17 09:33:19 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2020-05-17 09:33:35 +0000 sys-libs/newlib: drop old, bug #713284 Bug: https://bugs.gentoo.org/713284 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> sys-libs/newlib/Manifest | 1 - sys-libs/newlib/newlib-3.1.0.ebuild | 141 ------------------------------------ 2 files changed, 142 deletions(-) |