Summary: | <net-dns/dnsmasq-2.80-r2: Memory leak in the create_helper() function in /src/helper.c (CVE-2019-14834) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Allen Webb <allenwebb> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | allenwebb, chutzpah |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/gentoo/gentoo/pull/15197 | ||
See Also: | https://github.com/gentoo/gentoo/pull/15197 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
net-dns/dnsmasq-2.80-r2 amd64 arm arm64 hppa ppc ppc64 sparc x86
|
Runtime testing required: | --- |
Description
Allen Webb
2020-04-01 13:56:21 UTC
Thanks for reporting a security bug. Make sure you put it in the Gentoo Security component next time so that the security team can pick up on it. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d2cde891f94eed8019bde4deb0612af08cb0d30 commit 5d2cde891f94eed8019bde4deb0612af08cb0d30 Author: Allen-Webb <allenwebb@google.com> AuthorDate: 2020-04-01 14:44:02 +0000 Commit: Patrick McLean <chutzpah@gentoo.org> CommitDate: 2020-04-01 17:19:21 +0000 net-dns/dnsmasq-2.80-r2: Revbump, fix CVE-2019-14834 Bug: https://bugs.gentoo.org/715764 Signed-off-by: Allen-Webb <allenwebb@google.com> Closes: https://github.com/gentoo/gentoo/pull/15197 Signed-off-by: Patrick McLean <chutzpah@gentoo.org> ...smasq-2.80-r1.ebuild => dnsmasq-2.80-r2.ebuild} | 1 + .../files/dnsmasq-2.80-cve-2019-14834.patch | 39 ++++++++++++++++++++++ 2 files changed, 40 insertions(+) security: we should be fine to stabilize this (In reply to Patrick McLean from comment #3) > security: we should be fine to stabilize this Great, thanks for the quick merge! Didn't catch it was already stable on those arches. Tree is clean. Thanks again. Changing to glsa? Resetting sanity check; package list is empty or all packages are done. GLSA Vote: No Thank you all for you work. Closing as [noglsa]. |