Summary: | <app-arch/rpm-4.16.1.3: Out of bounds read in rpmdb parser (CVE-2021-20266) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | chainsaw |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=778533 | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: | app-arch/rpm-4.16.1.3 * | ||
Runtime testing required: | --- |
Description
Sam James
2021-05-03 17:53:47 UTC
(In reply to Sam James from comment #0)
> Patch: https://github.com/rpm-software-management/rpm/pull/1500
> https://github.com/rpm-software-management/rpm/commit/8f4b3c3cab8922a2022b9e47c71f1ecf906077ef

Fixed in 4.16.1.3. Shall we stable?

Oops, stabilization was done in bug 778533. Please cleanup.

GLSA request filed.

This issue was resolved and addressed in GLSA 202107-43 at https://security.gentoo.org/glsa/202107-43 by GLSA coordinator John Helmert III (ajak).

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9517266013b80bf8e96445a63cf25e27831eb793

commit 9517266013b80bf8e96445a63cf25e27831eb793
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-07-25 21:25:01 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2021-07-26 03:12:57 +0000

    app-arch/rpm: drop 4.14.2.1-r1, 4.16.0

    Bug: https://bugs.gentoo.org/778533
    Bug: https://bugs.gentoo.org/787944
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 app-arch/rpm/Manifest | 2 -
 app-arch/rpm/files/rpm-4.11.0-autotools.patch | 14 ---
 app-arch/rpm/files/rpm-4.16.0-libdir.patch | 34 ------
 app-arch/rpm/files/rpm-4.9.1.2-libdir.patch | 31 ------
 app-arch/rpm/rpm-4.14.2.1-r1.ebuild | 141 ------------------------
 app-arch/rpm/rpm-4.16.0.ebuild | 153 --------------------------
 6 files changed, 375 deletions(-)