Summary: | <dev-cpp/libmcpp-2.7.2_p5: Buffer overflow in do_msg() (CVE-2019-14274) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | maintainer-needed |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: |
dev-cpp/libmcpp-2.7.2_p5
|
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2020-04-22 00:37:06 UTC
Specific path according to Debian: https://salsa.debian.org/debian/mcpp/-/blob/master/debian/patches/05-gniibe-fix-13.patch There are however various other patches in that directory which look useful and are possibly security-related. So please investigate applying those. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad7f93d52342c57be176764b89aed9ae401c7f8a commit ad7f93d52342c57be176764b89aed9ae401c7f8a Author: Sam James <sam@gentoo.org> AuthorDate: 2021-03-27 01:27:41 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-03-27 02:57:36 +0000 dev-cpp/libmcpp: (security) bump to 2.7.2_p5 (Debian) Easier to just use the Debian patchset here. Bug: https://bugs.gentoo.org/718808 Signed-off-by: Sam James <sam@gentoo.org> dev-cpp/libmcpp/Manifest | 1 + dev-cpp/libmcpp/libmcpp-2.7.2_p5.ebuild | 50 +++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) x86 done amd64 done all arches done Please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=95af7c77e3687fb248aeec1c40682ae78d8e64b2 commit 95af7c77e3687fb248aeec1c40682ae78d8e64b2 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2021-06-12 17:29:35 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2021-06-12 17:29:56 +0000 dev-cpp/libmcpp: drop 2.7.2-r3 Bug: https://bugs.gentoo.org/718808 Signed-off-by: John Helmert III <ajak@gentoo.org> dev-cpp/libmcpp/files/libmcpp-2.7.2-gniibe.patch | 33 ----------- dev-cpp/libmcpp/files/libmcpp-2.7.2-zeroc.patch | 75 ------------------------ dev-cpp/libmcpp/libmcpp-2.7.2-r3.ebuild | 47 --------------- 3 files changed, 155 deletions(-) GLSA request filed. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=3b3ef864e85e6987d910f13c95b41c711f44cda9 commit 3b3ef864e85e6987d910f13c95b41c711f44cda9 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-04 13:53:45 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-04 14:00:12 +0000 [ GLSA 202208-04 ] libmcpp: Denial of service Bug: https://bugs.gentoo.org/718808 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202208-04.xml | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) GLSA released, all done! |