Summary: | <dev-libs/glib-2.66.7: Integer overflow (CVE-2021-{27218,27219}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gnome |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://gitlab.gnome.org/GNOME/glib/-/issues/2319 | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- |
Description
Sam James
2021-02-05 03:54:38 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1b64b25d3122534c974ce85a0319645a4a7fb86

commit a1b64b25d3122534c974ce85a0319645a4a7fb86
Author: Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2021-02-14 11:28:18 +0000
Commit: Mart Raudsepp <leio@gentoo.org>
CommitDate: 2021-02-14 11:30:41 +0000

dev-libs/glib: security bump to 2.66.7

Bug: https://bugs.gentoo.org/768753
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Mart Raudsepp <leio@gentoo.org>

dev-libs/glib/Manifest | 1 +
dev-libs/glib/glib-2.66.7.ebuild | 290 +++++++++++++++++++++++++++++++++++++++
2 files changed, 291 insertions(+)

Alright, please stabilize when ready.

Sanity check failed:
> dev-libs/glib-2.66.7
> bdepend amd64 dev profile default/linux/amd64/17.0/x32 (39 total)
> >=dev-util/gtk-doc-1.33
> bdepend amd64 stable profile default/linux/amd64/17.1 (65 total)
> >=dev-util/gtk-doc-1.33
> depend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> >=dev-util/sysprof-capture-3.38:4[abi_x86_32(-),abi_x86_64(-),abi_x86_x32(-)]
> depend amd64 stable profile default/linux/amd64/17.1 (11 total)
> >=dev-util/sysprof-capture-3.38:4[abi_x86_32(-),abi_x86_64(-)]
> depend amd64 dev profile default/linux/amd64/17.1/desktop/systemd (1 total)
> >=dev-util/sysprof-capture-3.38:4[abi_x86_32(-),abi_x86_64(-)]
> depend amd64 stable profile default/linux/amd64/17.1/no-multilib (3 total)
> >=dev-util/sysprof-capture-3.38:4[abi_x86_64(-)]
> rdepend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> >=dev-util/sysprof-capture-3.38:4[abi_x86_32(-),abi_x86_64(-),abi_x86_x32(-)]
> rdepend amd64 stable profile default/linux/amd64/17.1 (11 total)
> >=dev-util/sysprof-capture-3.38:4[abi_x86_32(-),abi_x86_64(-)]
> rdepend amd64 dev profile default/linux/amd64/17.1/desktop/systemd (1 total)
> >=dev-util/sysprof-capture-3.38:4[abi_x86_32(-),abi_x86_64(-)]
> rdepend amd64 stable profile default/linux/amd64/17.1/no-multilib (3 total)
> >=dev-util/sysprof-capture-3.38:4[abi_x86_64(-)]
> depend x86 stable profile default/linux/x86/17.0 (11 total)
> >=dev-util/sysprof-capture-3.38:4[abi_x86_32(-)]
> rdepend x86 stable profile default/linux/x86/17.0 (11 total)
> >=dev-util/sysprof-capture-3.38:4[abi_x86_32(-)]
Sanity check failed:
> dev-util/gtk-doc-1.33.1-r4
> depend arm stable profile default/linux/arm/17.0 (32 total)
> dev-python/parameterized[python_targets_python3_7(-)]
> dev-python/parameterized[python_targets_python3_8(-)]
> dev-python/parameterized[python_targets_python3_9(-)]
> depend arm dev profile default/linux/arm/17.0/armv4 (37 total)
> dev-python/parameterized[python_targets_python3_7(-)]
> dev-python/parameterized[python_targets_python3_8(-)]
> dev-python/parameterized[python_targets_python3_9(-)]
All sanity-check issues have been resolved

CVE-2021-27218 was assigned for this (the upstream issue title seems wrong).

(In reply to John Helmert III (ajak) from comment #6)
> CVE-2021-27218 was assigned for this (the upstream issue title seems wrong).

Well, maybe not wrong, but both CVEs are similar and appear to be covered by the stabilization in this bug.

arm done

sparc stable

ppc64 done

arm64 done

x86 done

hppa stable

amd64 done

amd64 done

s390 done

ppc done

all arches done

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=61eae93378aeff7997d41ea3b9e4bdc09aa119b2

commit 61eae93378aeff7997d41ea3b9e4bdc09aa119b2
Author: Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2021-02-18 22:16:57 +0000
Commit: Mart Raudsepp <leio@gentoo.org>
CommitDate: 2021-02-18 22:19:09 +0000

dev-libs/glib: security cleanup

Bug: https://bugs.gentoo.org/768753
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Mart Raudsepp <leio@gentoo.org>

dev-libs/glib/Manifest | 5 -
dev-libs/glib/glib-2.62.6.ebuild | 267 -----------------------------------
dev-libs/glib/glib-2.64.5.ebuild | 281 -------------------------------------
dev-libs/glib/glib-2.66.2.ebuild | 283 --------------------------------------
dev-libs/glib/glib-2.66.3.ebuild | 283 --------------------------------------
dev-libs/glib/glib-2.66.4.ebuild | 290 ---------------------------------------
6 files changed, 1409 deletions(-)

Thanks leio! New GLSA request filed.

This issue was resolved and addressed in GLSA 202107-13 at https://security.gentoo.org/glsa/202107-13 by GLSA coordinator Sam James (sam_c).