Summary: | <net-irc/scrollz-2.3.1: ReDoS vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | maintainer-needed |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openwall.com/lists/oss-security/2021/03/24/2 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=776772 https://github.com/gentoo/gentoo/pull/28284 | ||
Whiteboard: | B3 [glsa?] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 889966 | ||
Bug Blocks: |
Description
John Helmert III
2021-03-24 13:59:29 UTC
Package list is empty or all packages have requested keywords.

This is fixed in scrollz-2.3.1.
https://github.com/ScrollZ/ScrollZ/commit/1155969d24e063b6d0b7e08b9b0c4ea8623f92ce
https://github.com/ScrollZ/ScrollZ/commit/fd1e9eb9d7eae82fa923f5bcb83ea099a0fbbb4e

Great, thanks! Are scrollz and bitchx forks of ircii?

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55e4a023b11c654b43cc878ba3be7bc9ee4977e5

commit 55e4a023b11c654b43cc878ba3be7bc9ee4977e5
Author: Pascal Jäger <pascal.jaeger@leimstift.de>
AuthorDate: 2022-11-15 08:06:33 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-11-22 07:04:02 +0000

net-irc/scrollz: version bump to 2.3.1, patch for clang16

Version bump also closes this vulnerability from bug 777987.

Bug: https://bugs.gentoo.org/777987
Closes: https://bugs.gentoo.org/731206
Closes: https://bugs.gentoo.org/861467
Closes: https://bugs.gentoo.org/870907
Signed-off-by: Pascal Jäger <pascal.jaeger@leimstift.de>
Closes: https://github.com/gentoo/gentoo/pull/28284
Signed-off-by: Sam James <sam@gentoo.org>

net-irc/scrollz/Manifest | 2 ++
net-irc/scrollz/scrollz-2.3.1.ebuild | 69 ++++++++++++++++++++++++++++++++++++
2 files changed, 71 insertions(+)

Thanks! Please stabilize when ready.

(In reply to John Helmert III from comment #8)
> Great, thanks! Are scrollz and bitchx forks of ircii?

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=524c415744c035ae2cda5d83b52c892aa335a68a

commit 524c415744c035ae2cda5d83b52c892aa335a68a
Author: Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2023-11-09 06:27:00 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-09 06:27:24 +0000

net-irc/scrollz: drop 2.3-r1

Bug: https://bugs.gentoo.org/777987
Signed-off-by: Hans de Graaff <graaff@gentoo.org>

net-irc/scrollz/Manifest | 1 -
net-irc/scrollz/scrollz-2.3-r1.ebuild | 64 -----------------------------------
2 files changed, 65 deletions(-)