Summary: dev-python/ujson: stack-based buffer overflow

| Field | Value | Field | Value |
|---|---|---|---|
| Product | Gentoo Security | Reporter | Sam James <sam> |
| Component | Vulnerabilities | Assignee | Gentoo Security <security> |
| Status | CONFIRMED | | |
| Severity | minor | CC | mgorny, python, swegener |
| Priority | Normal | | |
| Version | unspecified | | |
| Hardware | All | | |
| OS | Linux | | |
| See Also | https://github.com/google/oss-fuzz/issues/7677 | | |
| Whiteboard | B3 [upstream] | | |
| Package list | | Runtime testing required | --- |
Description
Sam James
2022-01-01 02:18:04 UTC
Note that I can't seem to find an upstream reference to this.
The linked YAML file from Google says:
> - introduced: a920bfa9d85bcd78836b866d1be80c1e3dcca1da
> - fixed: 5525f8c9ef8bb879dadd0eb942d524827d1b0362
... but I don't see that fixed commit anywhere.
FWICS all the new versions of ujson have been added to that YAML, so probably it wasn't ever fixed.

Looking at the link found at the issue tracker: https://github.com/ultrajson/ultrajson/compare/e3ccc5a1ff945275106d9323c00683fafeffc04a...682c6601569980e9a8a05378d3c1478db30384bc, I'm guessing that the problem has been swept under the rug by stripping executables.