Summary: | <dev-libs/libbpf-0.7.0: multiple vulnerabilities | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | | |
Severity: | minor | CC: | chutzpah, jsmolic |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | B3 [glsa?] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 834693 | | |
Bug Blocks: | | | |

Description
Sam James
2022-01-01 02:03:05 UTC
Is it clear that 0.6.1 was affected? To me it looks like the issue was already fixed on December 11, when 0.6.1 was tagged, so it's likely to no longer be affected. Furthermore there is now 0.7.0 in tree which should certainly not be affected, unless I'm completely misunderstanding the automatic fuzzing reports.

Yep, looks like the fixed commit is 33ec2ca026d568c4820324752be09a51460b7005, which is in 0.7.0, so need to stable 0.7.0. Shouldn't hurt to just trust the oss-fuzz tracking here.

Maintainer: please stabilize 0.7.0.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94cab9ea037c1bdeb49d9b07fe53a36a43a10119

    commit 94cab9ea037c1bdeb49d9b07fe53a36a43a10119
    Author:     Jakov Smolić <jsmolic@gentoo.org>
    AuthorDate: 2022-03-15 18:00:50 +0000
    Commit:     Jakov Smolić <jsmolic@gentoo.org>
    CommitDate: 2022-03-15 18:00:50 +0000

        dev-libs/libbpf: drop 0.6.1

        Bug: https://bugs.gentoo.org/830368
        Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

     dev-libs/libbpf/Manifest            |  1 -
     dev-libs/libbpf/libbpf-0.6.1.ebuild | 51 -------------------------------------
     2 files changed, 52 deletions(-)