Summary: | <app-arch/upx{-bin,}-4.0.0: buffer overflow vulnerability (CVE-2021-20285) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | azamat.hackimov, proxy-maint |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/20142 https://bugs.gentoo.org/show_bug.cgi?id=790281 https://bugs.gentoo.org/show_bug.cgi?id=792348 https://github.com/gentoo/gentoo/pull/28041 | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2021-03-27 01:41:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97ac6e82a6949ade17754dc18110dd0f3cd67c5d

commit 97ac6e82a6949ade17754dc18110dd0f3cd67c5d
Author:     Azamat H. Hackimov <azamat.hackimov@gmail.com>
AuthorDate: 2021-03-27 12:09:35 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2021-03-27 14:26:23 +0000

    app-arch/upx: remove old version

    Bug: https://bugs.gentoo.org/778530
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com>
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 app-arch/upx/upx-3.96.ebuild | 34 ----------------------------------
 1 file changed, 34 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ec0f3f52f3f3d4dd8a267f5788cd5e440b2f86d2

commit ec0f3f52f3f3d4dd8a267f5788cd5e440b2f86d2
Author:     Azamat H. Hackimov <azamat.hackimov@gmail.com>
AuthorDate: 2021-03-27 12:08:19 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2021-03-27 14:24:13 +0000

    app-arch/upx: fix CVE-2021-20285

    Patch taken from upstream commit
    https://github.com/upx/upx/commit/3781df9da23840e596d5e9e8493f22666802fe6c.

    Bug: https://bugs.gentoo.org/778530
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com>
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 app-arch/upx/files/upx-3.96_CVE-2021-20285.patch | 76 ++++++++++++++++++++++++
 app-arch/upx/upx-3.96-r1.ebuild                  | 38 ++++++++++++
 2 files changed, 114 insertions(+)

Thank you! I also apologize, I missed -bin at first; that one will need to be done too.

At least for -bin, I guess, we have to wait until there is a newer version.

Package list is empty or all packages have requested keywords.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0079cd3b6bd983ac029d76507960a3cf40413ae4

commit 0079cd3b6bd983ac029d76507960a3cf40413ae4
Author:     Azamat H. Hackimov <azamat.hackimov@gmail.com>
AuthorDate: 2022-10-30 12:37:24 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2022-10-31 22:50:58 +0000

    app-arch/upx-bin: add 4.0.0

    Bug: https://bugs.gentoo.org/778530
    Bug: https://bugs.gentoo.org/790281
    Bug: https://bugs.gentoo.org/792348
    Bug: https://bugs.gentoo.org/866794
    Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com>
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 app-arch/upx-bin/Manifest             |  7 +++++++
 app-arch/upx-bin/upx-bin-4.0.0.ebuild | 39 +++++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f6c4062375fef16a763f3d413b099addef73432

commit 5f6c4062375fef16a763f3d413b099addef73432
Author:     Azamat H. Hackimov <azamat.hackimov@gmail.com>
AuthorDate: 2022-10-30 11:49:41 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2022-10-31 22:50:57 +0000

    app-arch/upx: add 4.0.0

    Bug: https://bugs.gentoo.org/778530
    Bug: https://bugs.gentoo.org/790281
    Bug: https://bugs.gentoo.org/792348
    Bug: https://bugs.gentoo.org/866794
    Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com>
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 app-arch/upx/Manifest         |  1 +
 app-arch/upx/upx-4.0.0.ebuild | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)