Summary: | <sys-libs/musl-1.2.1-r1: wcsnrtombs destination buffer overflow (CVE-2020-28928) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | blueness, lu_zero, musl |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openwall.com/lists/oss-security/2020/11/20/4 | ||
Whiteboard: | B3 [glsa?] | ||
Package list: | Runtime testing required: | --- |
Description
Sam James
![]() ![]() ![]() ![]() Please apply the patch linked (in URL), thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a8e70b0165c61ec95464968205a8cf06859e607 commit 8a8e70b0165c61ec95464968205a8cf06859e607 Author: Sam James <sam@gentoo.org> AuthorDate: 2020-11-24 14:59:52 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-11-24 14:59:59 +0000 sys-libs/musl: security bump for CVE-2020-28928 Acked-by: Anthony G. Basile <blueness@gentoo.org> Bug: https://bugs.gentoo.org/755695 Package-Manager: Portage-3.0.9, Repoman-3.0.2 Signed-off-by: Sam James <sam@gentoo.org> .../musl/files/musl-1.2.1-CVE-2020-28928.patch | 114 ++++++++++++++++++ sys-libs/musl/musl-1.2.1-r1.ebuild | 133 +++++++++++++++++++++ 2 files changed, 247 insertions(+) Stabilisation is pending on blueness testing this out in production. (In reply to Sam James from comment #4) > Stabilisation is pending on blueness testing this out in production. 1.2.1-r1 stable on all arches (In reply to Anthony Basile from comment #5) > (In reply to Sam James from comment #4) > > Stabilisation is pending on blueness testing this out in production. > > 1.2.1-r1 stable on all arches Thanks! Please cleanup when ready. Unable to check for sanity:
> no match for package: sys-libs/musl-1.2.1-r1
Tree is clean Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. |