Summary: | net-nds/389-ds-base: double free in persistent searches | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | ||
Severity: | trivial | CC: | chris, Dessa, expeditioneer, proxy-maint |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=2030307 | ||
See Also: |
https://github.com/gentoo/gentoo/pull/24637 https://bugs.gentoo.org/show_bug.cgi?id=835611 |
||
Whiteboard: | ~3 [ebuild] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2022-02-18 22:54:29 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d3a117fa888af153270d1b76f82a5db166768cb1 commit d3a117fa888af153270d1b76f82a5db166768cb1 Author: Dennis Lamm <expeditioneer@gentoo.org> AuthorDate: 2022-03-18 10:40:47 +0000 Commit: Dennis Lamm <expeditioneer@gentoo.org> CommitDate: 2022-03-18 17:07:32 +0000 net-nds/389-ds-base 2.1.0 version bump Closes: https://bugs.gentoo.org/832900 Bug: https://bugs.gentoo.org/833631 Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org> net-nds/389-ds-base/389-ds-base-2.1.0.ebuild | 324 +++++++++++++++++++++++++++ net-nds/389-ds-base/Manifest | 1 + net-nds/389-ds-base/metadata.xml | 2 + 3 files changed, 327 insertions(+) (In reply to Larry the Git Cow from comment #1) > The bug has been referenced in the following commit(s): > > https://gitweb.gentoo.org/repo/gentoo.git/commit/ > ?id=d3a117fa888af153270d1b76f82a5db166768cb1 > > commit d3a117fa888af153270d1b76f82a5db166768cb1 > Author: Dennis Lamm <expeditioneer@gentoo.org> > AuthorDate: 2022-03-18 10:40:47 +0000 > Commit: Dennis Lamm <expeditioneer@gentoo.org> > CommitDate: 2022-03-18 17:07:32 +0000 > > net-nds/389-ds-base 2.1.0 version bump > > Closes: https://bugs.gentoo.org/832900 > Bug: https://bugs.gentoo.org/833631 > > Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org> > > net-nds/389-ds-base/389-ds-base-2.1.0.ebuild | 324 > +++++++++++++++++++++++++++ > net-nds/389-ds-base/Manifest | 1 + > net-nds/389-ds-base/metadata.xml | 2 + > 3 files changed, 327 insertions(+) Do we know if this fixes this vulnerability? Hi John, Upstream Issue: https://github.com/389ds/389-ds-base/issues/5218 Is merged in 2.1.0 branch. I'm not sure how you get that. The linked fix commit seems to be in 2.2.0: ~/git/389-ds-base $ git tag --contains a3c298f 389-ds-base-2.2.0 Sorry my bad. I thought that https://github.com/389ds/389-ds-base/commit/00385645f4fb103ca0107777398347fe7478d377 was merged to 2.1.0. But it was on the 2.1.0 branch. Therefore it will be fixed with a version bump to 2.1.1 or 2.2.0. |