Bug 815268 (CVE-2021-37146)

Summary:	<ros-meta/ros_comm-1.15.13: denial of service via XMLRPC server (CVE-2021-37146)
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	trivial	CC:	ros
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446
Whiteboard:	~3 [noglsa]
Package list:		Runtime testing required:	---

Description John Helmert III archtester

2021-09-28 20:23:04 UTC

CVE-2021-37146:

An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via a crafted XMLRPC call.


Fixed in 1.15.12, please bump.

Comment 1 Alexis Ballier gentoo-dev

2021-12-17 09:00:47 UTC

bumped

Comment 2 John Helmert III archtester

2021-12-17 18:04:31 UTC

Thanks, please cleanup!

Comment 3 Larry the Git Cow gentoo-dev

2022-08-16 20:09:11 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9864b091ec99d4ca9be3472016e83e04c8e33818

commit 9864b091ec99d4ca9be3472016e83e04c8e33818
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-08-16 20:07:51 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-16 20:07:51 +0000

    ros-meta/ros_comm: drop 1.15.9, 1.15.10, 1.15.11
    
    Bug: https://bugs.gentoo.org/815268
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 ros-meta/ros_comm/Manifest                |  3 --
 ros-meta/ros_comm/ros_comm-1.15.10.ebuild | 58 -------------------------------
 ros-meta/ros_comm/ros_comm-1.15.11.ebuild | 58 -------------------------------
 ros-meta/ros_comm/ros_comm-1.15.9.ebuild  | 58 -------------------------------
 4 files changed, 177 deletions(-)