Summary: | <media-sound/fluidsynth-2.2.0: UAF leading to code execution | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | fordfrog, sound |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/FluidSynth/fluidsynth/issues/808 | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: | media-sound/fluidsynth-2.2.0-r1 |
Runtime testing required: | --- |
Description
John Helmert III
2021-04-13 18:06:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7535acc9b7bdb3607217e0113b17fa05c2887cd3

commit 7535acc9b7bdb3607217e0113b17fa05c2887cd3
Author: Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2021-04-13 18:30:00 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2021-04-13 18:30:19 +0000

media-sound/fluidsynth: bump to 2.2.0

Bug: https://bugs.gentoo.org/782700
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

media-sound/fluidsynth/Manifest | 1 +
media-sound/fluidsynth/fluidsynth-2.2.0.ebuild | 115 +++++++++++++++++++++++++
2 files changed, 116 insertions(+)

i'd give it at least few days to let any issues pop up before stabilization. if there's no issue, it would be ok to stabilize.

Thanks!

(In reply to Miroslav Šulc from comment #2)
> i'd give it at least few days to let any issues pop up before stabilization.
> if there's no issue, it would be ok to stabilize.

see also https://bugs.gentoo.org/show_bug.cgi?id=782868

Subslot change needed.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2aa4970e80f7af7b3af270b17f9a91ad5f8eb3cd

commit 2aa4970e80f7af7b3af270b17f9a91ad5f8eb3cd
Author: Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2021-04-14 17:13:08 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2021-04-14 17:13:35 +0000

media-sound/fluidsynth: revbump for previous change

Bug: https://bugs.gentoo.org/782700
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

.../fluidsynth/{fluidsynth-2.2.0.ebuild => fluidsynth-2.2.0-r1.ebuild} | 0
1 file changed, 0 insertions(+), 0 deletions(-)

i think it's safe to go stable now.

Thanks!

sparc stable

amd64 done

x86 done

arm64 done

arm done

ppc done

ppc64 done

all arches done

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55931a04b401d9aacecabd6d682b283ed70b3af2

commit 55931a04b401d9aacecabd6d682b283ed70b3af2
Author: Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2021-04-22 12:18:47 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2021-04-22 12:19:05 +0000

media-sound/fluidsynth: removed obsolete and vulnerable 2.1.5

Bug: https://bugs.gentoo.org/782700
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

media-sound/fluidsynth/Manifest | 1 -
media-sound/fluidsynth/fluidsynth-2.1.5.ebuild | 115 -------------------------
2 files changed, 116 deletions(-)

the tree is clean now, you can proceed

Thanks! GLSA request filed.

This issue was resolved and addressed in GLSA 202107-34 at https://security.gentoo.org/glsa/202107-34 by GLSA coordinator John Helmert III (ajak).