Summary: | <sys-libs/glibc-2.32-r7: buffer overread in iconv (CVE-2019-25013) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | sam |
Priority: | Normal | Flags: | nattka:
sanity-check-
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A4 [glsa+ cve] | ||
Package list: |
sys-libs/glibc-2.32-r7
|
Runtime testing required: | --- |
Bug Depends on: | 767718 | ||
Bug Blocks: |
Description
John Helmert III
2021-01-06 20:34:32 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e486a3e2bcba51de8672b544186e147079cdff0 commit 0e486a3e2bcba51de8672b544186e147079cdff0 Author: Andreas K. Huettel <dilfridge@gentoo.org> AuthorDate: 2021-01-07 11:24:02 +0000 Commit: Andreas K. Huettel <dilfridge@gentoo.org> CommitDate: 2021-01-07 11:24:27 +0000 sys-libs/glibc: Patchlevel bump Bug: https://bugs.gentoo.org/764176 Bug: https://bugs.gentoo.org/763618 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: Andreas K. Huettel <dilfridge@gentoo.org> sys-libs/glibc/Manifest | 1 + sys-libs/glibc/glibc-2.32-r7.ebuild | 1513 +++++++++++++++++++++++++++++++++++ 2 files changed, 1514 insertions(+) Ready to stable? In tree since 7th Jan. (In reply to Sam James from comment #2) > Ready to stable? In tree since 7th Jan. Why not. hppa/sparc stable amd64 done x86 done arm64 done arm done s390 stable @ppc, ppc64: ping some tests still fail, but I checked and it seems due to kernel bug. debian disables those FAIL: signal/tst-minsigstksz-1 FAIL: signal/tst-minsigstksz-2 FAIL: signal/tst-minsigstksz-3 FAIL: signal/tst-minsigstksz-3a FAIL: signal/tst-minsigstksz-4 ppc and ppc64 done. Unable to check for sanity:
> no match for package: sys-libs/glibc-2.32-r7
Nothing to do for toolchain here anymore New request filed This issue was resolved and addressed in GLSA 202107-07 at https://security.gentoo.org/glsa/202107-07 by GLSA coordinator John Helmert III (ajak). |