Bug 724618

Summary: app-text/uudeview: Likely vulnerable to same as dev-perl/Convert-UUlib
Product: Gentoo Security
Reporter: Kent Fredric (IRC: kent\n) (RETIRED) <kentnl>
Component: Auditing
Assignee: Gentoo Security <security>
Status: RESOLVED NEEDINFO
Severity: normal
CC: hanno
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
See Also: https://bugs.gentoo.org/show_bug.cgi?id=724504
https://bugs.gentoo.org/show_bug.cgi?id=724494
Whiteboard:
Package list:
Runtime testing required: ---

Description Kent Fredric (IRC: kent\n) (RETIRED) gentoo-dev 2020-05-23 08:06:27 UTC
This has the exact same sources as dev-libs/uulib as per bug #724504, which are likely to be vulnerable as in bug #724494.
Comment 1 Hanno Böck gentoo-dev 2022-11-26 17:56:28 UTC
I am not sure we're actually affected here.
The 2019 PoC can be found here:
https://bugzilla.redhat.com/show_bug.cgi?id=1711098
It does not trigger any issues in uudeview.

For the 2015 one I have not found a reference.
Comment 2 Hanno Böck gentoo-dev 2022-11-30 09:45:56 UTC
2015 issue: https://rt.cpan.org/Public/Bug/Display.html?id=100960

Have to see how I can check reliably whether uudeview is vulnerable.
Comment 3 Hanno Böck gentoo-dev 2022-12-23 14:46:29 UTC
Having checked these inputs and also done some fuzzing on uudeview I am reasonably confident that it is not vulnerable to any of these.

Therefore closing. Please re-open if you can reproduce these issues with any input on uudeview.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-12-24 08:09:57 UTC
(In reply to Hanno Böck from comment #3)
> Having checked these inputs and also done some fuzzing on uudeview I am
> reasonably confident that it is not vulnerable to any of these.
> 
> Therefore closing. Please re-open if you can reproduce these issues with any
> input on uudeview.

Thanks hanno!