Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 738984 (CVE-2020-14363)

Summary: <x11-libs/libX11-1.6.12: Double free in locale handling (CVE-2020-14363)
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: ajak, x11
Priority: Normal Flags: nattka: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.openwall.com/lists/oss-security/2020/08/25/2
See Also: https://bugs.gentoo.org/show_bug.cgi?id=734976
Whiteboard: A2 [glsa+ cve cleanup]
Package list:
x11-libs/libX11-1.6.12
 Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 734974    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-25 16:48:45 UTC 
* CVE-2020-14363

Description:
"There is an integer overflow and a double free vulnerability in the way
LibX11 handles locales. The integer overflow is a necessary precursor to
the double free."
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-25 17:18:53 UTC 
amd64 done
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-25 17:30:20 UTC 
arm64 stable
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-25 19:40:18 UTC 
arm done
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-25 19:54:23 UTC 
x86 done
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-25 19:55:49 UTC 
sparc done
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-25 20:50:50 UTC 
ppc64 done
Comment 7 Rolf Eike Beer archtester 2020-08-26 18:36:12 UTC 
hppa stable
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2020-08-27 23:57:25 UTC 
This issue was resolved and addressed in
 GLSA 202008-18 at https://security.gentoo.org/glsa/202008-18
by GLSA coordinator Sam James (sam_c).
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-27 23:58:04 UTC 
Reopening for stable.
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-29 13:13:27 UTC 
ppc done
Comment 11 Agostino Sarubbo gentoo-dev 2020-09-18 08:12:02 UTC 
s390 stable.

Maintainer(s), please cleanup.
Comment 12 Larry the Git Cow gentoo-dev 2020-09-23 01:08:26 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=196fb1154ddf535dd1483887b44d610518d86ab1

commit 196fb1154ddf535dd1483887b44d610518d86ab1
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2020-09-23 01:07:32 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2020-09-23 01:08:16 +0000

    x11-libs/libX11: Drop old versions
    
    Bug: https://bugs.gentoo.org/738984
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-libs/libX11/Manifest             |  3 ---
 x11-libs/libX11/libX11-1.6.10.ebuild | 31 -------------------------------
 x11-libs/libX11/libX11-1.6.11.ebuild | 31 -------------------------------
 x11-libs/libX11/libX11-1.6.9.ebuild  | 31 -------------------------------
 4 files changed, 96 deletions(-)
Comment 13 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-09-23 03:25:27 UTC 
All done. Thanks all.