Summary: | <media-video/motion-4.3.2: segmentation fault via crafted HTTP request (CVE-2020-26566) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | hfern, media-video, proxy-maint |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/Motion-Project/motion/issues/1227 | ||
Whiteboard: | B3 [glsa+] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2020-12-19 09:04:16 UTC
The differences between 4.3.2 and 4.3.1 are only two bug fixes, including a fix for this CVE.

Suggest to stabilize 4.3.2, and mask 4.3.1.

(In reply to Johannes Willem (Hans) Fernhout from comment #1)
> The differences between 4.3.2 and 4.3.1 are only two bug fixes, including a
> fix for this CVE.
>
> Suggest to stabilize 4.3.2, and mask 4.3.1.

Thanks!

amd64 done

x86 done

all arches done

Please cleanup, thanks!

Unable to check for sanity:
> no match for package: media-video/motion-4.3.2

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c500354ad3a2355db99d0cef849f0b7ba9b79dc

commit 6c500354ad3a2355db99d0cef849f0b7ba9b79dc
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-04-14 14:36:32 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2021-04-14 14:43:43 +0000

    media-video/motion: security cleanup (drop <4.3.1)

    Bug: https://bugs.gentoo.org/760714
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 media-video/motion/Manifest              |   1 -
 media-video/motion/files/motion.confd-r4 |  28 --------
 media-video/motion/files/motion.initd-r4 |  30 ---------
 media-video/motion/motion-4.3.1.ebuild   | 107 -------------------------------
 4 files changed, 166 deletions(-)

Package list is empty or all packages have requested keywords.

GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=a16853d3c1571d38169ea77acb931f5924d5abfe

commit a16853d3c1571d38169ea77acb931f5924d5abfe
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-10 22:31:25 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-10 22:33:20 +0000

    [ GLSA 202208-18 ] Motion: Denial of service

    Bug: https://bugs.gentoo.org/760714
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-18.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

GLSA released, all done!