Summary: | <app-crypt/mit-krb5-1.19.2: null pointer dereference (CVE-2021-36222) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | kerberos |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562 | ||
Whiteboard: | B3 [glsa+] | ||
Package list: |
app-crypt/mit-krb5-1.19.2
|
Runtime testing required: | --- |
Description
John Helmert III
2021-07-22 23:12:00 UTC
@eras, could you bump to 1.19.2? thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c77d11611eb26edc2cbe27fe6ce33b69d151f0c7 commit c77d11611eb26edc2cbe27fe6ce33b69d151f0c7 Author: Eray Aslan <eras@gentoo.org> AuthorDate: 2021-07-28 15:48:13 +0000 Commit: Eray Aslan <eras@gentoo.org> CommitDate: 2021-07-28 15:48:13 +0000 app-crypt/mit-krb5: security bump to 1.19.2 Bug: https://bugs.gentoo.org/803434 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Eray Aslan <eras@gentoo.org> app-crypt/mit-krb5/Manifest | 1 + app-crypt/mit-krb5/mit-krb5-1.19.2.ebuild | 161 ++++++++++++++++++++++++++++++ 2 files changed, 162 insertions(+) sparc stable Thanks eras! amd64 stable ppc stable ppc64 stable x86 done arm done hppa done arm64 done all arches done Please cleanup, thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=98dc35e8c0f276aa167465b5e7636e8a975beaed commit 98dc35e8c0f276aa167465b5e7636e8a975beaed Author: Eray Aslan <eras@gentoo.org> AuthorDate: 2021-08-02 10:35:50 +0000 Commit: Eray Aslan <eras@gentoo.org> CommitDate: 2021-08-02 10:35:50 +0000 app-crypt/mit-krb5: cleanup Bug: https://bugs.gentoo.org/803434 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Eray Aslan <eras@gentoo.org> app-crypt/mit-krb5/Manifest | 3 - app-crypt/mit-krb5/files/CVE-2020-28196.patch | 71 --------- .../files/mit-krb5-1.18.2-autoconf-2.70.patch | 35 ----- .../mit-krb5/files/mit-krb5_dont_create_run.patch | 10 -- app-crypt/mit-krb5/mit-krb5-1.18.2-r4.ebuild | 166 --------------------- app-crypt/mit-krb5/mit-krb5-1.18.3-r2.ebuild | 164 -------------------- app-crypt/mit-krb5/mit-krb5-1.19.1-r1.ebuild | 161 -------------------- 7 files changed, 610 deletions(-) Unable to check for sanity:
> no match for package: app-crypt/mit-krb5-1.19.2
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=573380a79676407a84c4bd5cfca7805936336c8a commit 573380a79676407a84c4bd5cfca7805936336c8a Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-05-05 07:13:18 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-05-05 07:13:49 +0000 [ GLSA 202405-11 ] MIT krb5: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/803434 Bug: https://bugs.gentoo.org/809845 Bug: https://bugs.gentoo.org/879875 Bug: https://bugs.gentoo.org/917464 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202405-11.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) |