Bug 776772 (CVE-2021-29376)

Summary:	<net-irc/ircii-20210314: Multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	IN_PROGRESS ---
Severity:	minor	CC:	ajak, bkohler
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=777987
Whiteboard:	B3 [glsa?]
Package list:		Runtime testing required:	---

Description Sam James archtester

2021-03-16 22:38:09 UTC

From the NEWS:

Changes in ircII 20210314:

  o  fix two memory leaks, one from michael ortmann <ortmann@posteo.de>.
  o  removed support for non-host getaddrinfo(), getnameinfo(),
     inet_pton(), inet_ntop(), and snprintf().
  o  fixes for various issues by michael ortmann <ortmann@posteo.de>.

Changes in ircII 20210225:

  o  new --with-sanitizer=<asan|ubsan|lsan> configure support
  o  many fixes for fuzzer and sanitizer found issues
  o  the $IRCSERVERS variable no longer triggers some library asserts 
  o  avoid displaying negative hours/minutes
  o  fix a potential messages goes to wrong window issue in numerics

And ChangeLog has more details involving e.g. CTCP (http://ircii.warped.com/ircii-current/ircii/ChangeLog).

Comment 1 Sam James archtester

2021-03-16 22:38:24 UTC

Tell us when ready to stable.

Comment 2 John Helmert III archtester

2021-03-24 13:04:06 UTC

*** Bug 777978 has been marked as a duplicate of this bug. ***

Comment 3 Sam James archtester

2021-03-28 05:44:47 UTC

Shall we?

Comment 4 Ben Kohler gentoo-dev

2021-03-28 11:20:26 UTC

Sure go ahead with stabilization

Comment 5 Sam James archtester

2021-03-28 11:23:50 UTC

(In reply to Ben Kohler from comment #4)
> Sure go ahead with stabilization

Thanks!

Comment 6 Sam James archtester

2021-03-28 12:15:30 UTC

x86 done

Comment 7 Sam James archtester

2021-03-28 12:16:13 UTC

amd64 done

all arches done

Comment 8 John Helmert III archtester

2021-03-28 14:52:12 UTC

Please cleanup.

Comment 9 Larry the Git Cow gentoo-dev

2021-03-28 15:15:52 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=70ca7084ab9d6c1054d56d2af18927615ea73d99

commit 70ca7084ab9d6c1054d56d2af18927615ea73d99
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2021-03-28 15:15:39 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2021-03-28 15:15:39 +0000

    net-irc/ircii: drop old
    
    Bug: https://bugs.gentoo.org/776772
    Package-Manager: Portage-3.0.17, Repoman-3.0.2
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-irc/ircii/Manifest              |  1 -
 net-irc/ircii/ircii-20190117.ebuild | 36 ------------------------------------
 2 files changed, 37 deletions(-)

Comment 10 John Helmert III archtester

2021-03-28 15:49:55 UTC

Thanks!

Comment 11 NATTkA bot gentoo-dev

2021-07-29 17:23:40 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 12 NATTkA bot gentoo-dev

2021-07-29 17:32:04 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 13 NATTkA bot gentoo-dev

2021-07-29 17:39:57 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 14 NATTkA bot gentoo-dev

2021-07-29 17:48:08 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 15 NATTkA bot gentoo-dev

2021-07-29 18:04:05 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 16 NATTkA bot gentoo-dev

2021-07-29 18:12:22 UTC

Package list is empty or all packages have requested keywords.