Summary: | <dev-libs/libebml-1.4.2: exploitable heap overflow on 32 bit builds (CVE-2021-3405) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | media-video, sam |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/Matroska-Org/libebml/issues/74 | ||
Whiteboard: | B1 [glsa+] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 882797 | ||
Bug Blocks: |
Description
John Helmert III
2021-02-23 22:02:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5a51938aa0fc53ed5804e6749ecd3db3db489d17

commit 5a51938aa0fc53ed5804e6749ecd3db3db489d17
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-02-24 15:02:47 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-02-24 16:21:43 +0000

    dev-libs/libebml: bump to 1.4.2

    Bug: https://bugs.gentoo.org/772272
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libebml/Manifest             |  1 +
 dev-libs/libebml/libebml-1.4.2.ebuild | 22 ++++++++++++++++++++++
 2 files changed, 23 insertions(+)

ppc done

ppc64 done

arm done

arm64 done

x86 done

sparc stable

amd64 done

all arches done

Please cleanup.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee5c6ba9a4dcb4662c5a7dfe9092ff3378547e54

commit ee5c6ba9a4dcb4662c5a7dfe9092ff3378547e54
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2021-02-25 12:57:20 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-02-25 12:57:20 +0000

    dev-libs/libebml: Security cleanup

    Bug: https://bugs.gentoo.org/772272
    Package-Manager: Portage-3.0.15, Repoman-3.0.2
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-libs/libebml/Manifest              |  4 ----
 dev-libs/libebml/libebml-1.3.10.ebuild | 20 --------------------
 dev-libs/libebml/libebml-1.3.9.ebuild  | 20 --------------------
 dev-libs/libebml/libebml-1.4.0.ebuild  | 20 --------------------
 dev-libs/libebml/libebml-1.4.1.ebuild  | 22 ----------------------
 5 files changed, 86 deletions(-)

Thank you!

Package list is empty or all packages have requested keywords.

Request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=2111a6fd84a6c57c50d069870a152079eaa01505

commit 2111a6fd84a6c57c50d069870a152079eaa01505
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 00:09:54 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-14 00:11:45 +0000

    [ GLSA 202208-21 ] libebml: Heap buffer overflow vulnerability

    Bug: https://bugs.gentoo.org/772272
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-21.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)