
Bug 724504

Summary: dev-libs/uulib: Likely vulnerable to same as dev-perl/Convert-UUlib
Product: Gentoo Security Reporter: Sam James <sam>
Component: Auditing Assignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: normal CC: kentnl, perl, sam
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=724494
https://bugs.gentoo.org/show_bug.cgi?id=724510
https://bugs.gentoo.org/show_bug.cgi?id=724618
Whiteboard:
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-21 20:52:42 UTC
See e.g. bug 724494.

dev-libs/uulib has only 2 rdeps; it wouldn't be too much work to test with dev-perl/Convert-UUlib's fork, or see if we can backport the security fixes in the Perl version.

Note that the Perl module includes a fork, not a bundling (thanks kent\n).

Comment 1 Hanno Böck gentoo-dev 2022-11-24 16:53:35 UTC
The 2009 issue is this one:
https://bugzilla.redhat.com/show_bug.cgi?id=1711098

It contains a hexdump of the proof of concept and does not crash uudeview, so I can only assume it's unaffected. I'll try to track down the PoC for the 2015 issue as well.