Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 776772 (CVE-2021-29376)

Summary: <net-irc/ircii-20210314: Multiple vulnerabilities
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: ajak, bkohler
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=777987
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-16 22:38:09 UTC 
From the NEWS:

Changes in ircII 20210314:

  o  fix two memory leaks, one from michael ortmann <ortmann@posteo.de>.
  o  removed support for non-host getaddrinfo(), getnameinfo(),
     inet_pton(), inet_ntop(), and snprintf().
  o  fixes for various issues by michael ortmann <ortmann@posteo.de>.

Changes in ircII 20210225:

  o  new --with-sanitizer=<asan|ubsan|lsan> configure support
  o  many fixes for fuzzer and sanitizer found issues
  o  the $IRCSERVERS variable no longer triggers some library asserts 
  o  avoid displaying negative hours/minutes
  o  fix a potential messages goes to wrong window issue in numerics

And ChangeLog has more details involving e.g. CTCP (http://ircii.warped.com/ircii-current/ircii/ChangeLog).
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-16 22:38:24 UTC 
Tell us when ready to stable.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-03-24 13:04:06 UTC 
*** Bug 777978 has been marked as a duplicate of this bug. ***
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 05:44:47 UTC 
Shall we?
Comment 4 Ben Kohler gentoo-dev 2021-03-28 11:20:26 UTC 
Sure go ahead with stabilization
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 11:23:50 UTC 
(In reply to Ben Kohler from comment #4)
> Sure go ahead with stabilization

Thanks!
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 12:15:30 UTC 
x86 done
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 12:16:13 UTC 
amd64 done

all arches done
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 14:52:12 UTC 
Please cleanup.
Comment 9 Larry the Git Cow gentoo-dev 2021-03-28 15:15:52 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=70ca7084ab9d6c1054d56d2af18927615ea73d99

commit 70ca7084ab9d6c1054d56d2af18927615ea73d99
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2021-03-28 15:15:39 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2021-03-28 15:15:39 +0000

    net-irc/ircii: drop old
    
    Bug: https://bugs.gentoo.org/776772
    Package-Manager: Portage-3.0.17, Repoman-3.0.2
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-irc/ircii/Manifest              |  1 -
 net-irc/ircii/ircii-20190117.ebuild | 36 ------------------------------------
 2 files changed, 37 deletions(-)
Comment 10 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 15:49:55 UTC 
Thanks!
Comment 11 NATTkA bot gentoo-dev 2021-07-29 17:23:40 UTC Comment hidden (obsolete)
Comment 12 NATTkA bot gentoo-dev 2021-07-29 17:32:04 UTC Comment hidden (obsolete)
Comment 13 NATTkA bot gentoo-dev 2021-07-29 17:39:57 UTC Comment hidden (obsolete)
Comment 14 NATTkA bot gentoo-dev 2021-07-29 17:48:08 UTC Comment hidden (obsolete)
Comment 15 NATTkA bot gentoo-dev 2021-07-29 18:04:05 UTC Comment hidden (obsolete)
Comment 16 NATTkA bot gentoo-dev 2021-07-29 18:12:22 UTC 
Package list is empty or all packages have requested keywords.