Summary: | <app-arch/brotli-1.0.9: Integer overflow when input chunk is larger than 2GiB in decoder (CVE-2020-8927) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | candrews |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
app-arch/brotli-1.0.9-r1
|
Runtime testing required: | --- |
Bug Depends on: | 744124, 746932 | ||
Bug Blocks: |
Description
Sam James
2020-09-29 22:21:29 UTC
Ready to stable? Unable to check for sanity:
> no match for package: app-arch/brotli-1.0.9
arm done ppc stable ppc64 stable sparc stable x86 stable Could you restrict tests because they are known not working for now btw? Thanks! (In reply to Sam James from comment #8) > Could you restrict tests because they are known not working for now btw? > Thanks! Absolutely - I have now done so. arm64 done (In reply to Craig Andrews from comment #9) > (In reply to Sam James from comment #8) > > Could you restrict tests because they are known not working for now btw? > > Thanks! > > Absolutely - I have now done so. Thank you :) hppa stable amd64 done all arches done Please cleanup, thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6335edf52c5dc2b569ad2192f60f675a1dc177b4 commit 6335edf52c5dc2b569ad2192f60f675a1dc177b4 Author: Craig Andrews <candrews@gentoo.org> AuthorDate: 2020-11-06 20:39:25 +0000 Commit: Craig Andrews <candrews@gentoo.org> CommitDate: 2020-11-06 20:39:37 +0000 app-arch/brotli: Cleanup old versions Bug: https://bugs.gentoo.org/745474 Package-Manager: Portage-3.0.9, Repoman-3.0.2 Signed-off-by: Craig Andrews <candrews@gentoo.org> app-arch/brotli/Manifest | 2 - app-arch/brotli/brotli-1.0.6-r1.ebuild | 80 ---------------------------------- app-arch/brotli/brotli-1.0.7.ebuild | 79 --------------------------------- 3 files changed, 161 deletions(-) Thanks! |