
Bug 724510

Summary: <net-nntp/tin-2.4.5: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: maintainer-needed
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
See Also: https://bugs.gentoo.org/show_bug.cgi?id=724504
https://github.com/gentoo/gentoo/pull/19166
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-21 21:08:48 UTC
From change log (ftp://ftp.tin.org/pub/news/clients/tin/stable/CHANGES) for 2.4.3:
       BUG. possible buffer overflow when prompting for a wildcard search
            pattern in get_search_pattern()
       BUG. possible buffer overflows with long translations
       BUG. pointer arithmetic with possible NULL pointer
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-21 21:09:32 UTC
This needs a bump to 2.4.4 ideally (latest version).

Noticed when prodding at bug 724504.
Comment 2 Larry the Git Cow gentoo-dev 2021-01-24 01:48:16 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0b9b10345bbd1d162bfb3d8a2430b60d3341666

commit e0b9b10345bbd1d162bfb3d8a2430b60d3341666
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2021-01-23 05:24:05 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-01-24 01:48:02 +0000

    net-nntp/tin: security bump to 2.4.5
    
    Bump to EAPI 7, formatting fixes.
    
    Bug: https://bugs.gentoo.org/724510
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/19166
    Signed-off-by: Sam James <sam@gentoo.org>

 net-nntp/tin/Manifest         |  1 +
 net-nntp/tin/tin-2.4.5.ebuild | 73 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 74 insertions(+)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-28 17:47:12 UTC
arm done
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-30 10:02:58 UTC
amd64 done
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-30 10:04:15 UTC
ppc done
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-01 04:42:54 UTC
x86 done

all arches done
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-01 04:48:02 UTC
Please clean up.
Comment 8 Larry the Git Cow gentoo-dev 2021-02-22 03:24:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56f43fc3fec4f9f6916d4ae11487299b9cbe96c2

commit 56f43fc3fec4f9f6916d4ae11487299b9cbe96c2
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-02-22 03:22:56 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2021-02-22 03:24:00 +0000

    net-nntp/tin: security cleanup (drop <2.4.5)
    
    Bug: https://bugs.gentoo.org/724510
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-nntp/tin/Manifest         |  1 -
 net-nntp/tin/tin-2.4.2.ebuild | 77 -------------------------------------------
 2 files changed, 78 deletions(-)
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2021-06-02 11:48:04 UTC
Nothing to report for us.

Repository is clean, all done!