Summary: | <net-nds/389-ds-base-2.3.2: double free in persistent searches | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | chris, Dessa, expeditioneer, proxy-maint |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=2030307 | ||
See Also: |
https://github.com/gentoo/gentoo/pull/24637 https://bugs.gentoo.org/show_bug.cgi?id=835611 https://github.com/gentoo/gentoo/pull/36458 |
||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2022-02-18 22:54:29 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d3a117fa888af153270d1b76f82a5db166768cb1 commit d3a117fa888af153270d1b76f82a5db166768cb1 Author: Dennis Lamm <expeditioneer@gentoo.org> AuthorDate: 2022-03-18 10:40:47 +0000 Commit: Dennis Lamm <expeditioneer@gentoo.org> CommitDate: 2022-03-18 17:07:32 +0000 net-nds/389-ds-base 2.1.0 version bump Closes: https://bugs.gentoo.org/832900 Bug: https://bugs.gentoo.org/833631 Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org> net-nds/389-ds-base/389-ds-base-2.1.0.ebuild | 324 +++++++++++++++++++++++++++ net-nds/389-ds-base/Manifest | 1 + net-nds/389-ds-base/metadata.xml | 2 + 3 files changed, 327 insertions(+) (In reply to Larry the Git Cow from comment #1) > The bug has been referenced in the following commit(s): > > https://gitweb.gentoo.org/repo/gentoo.git/commit/ > ?id=d3a117fa888af153270d1b76f82a5db166768cb1 > > commit d3a117fa888af153270d1b76f82a5db166768cb1 > Author: Dennis Lamm <expeditioneer@gentoo.org> > AuthorDate: 2022-03-18 10:40:47 +0000 > Commit: Dennis Lamm <expeditioneer@gentoo.org> > CommitDate: 2022-03-18 17:07:32 +0000 > > net-nds/389-ds-base 2.1.0 version bump > > Closes: https://bugs.gentoo.org/832900 > Bug: https://bugs.gentoo.org/833631 > > Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org> > > net-nds/389-ds-base/389-ds-base-2.1.0.ebuild | 324 > +++++++++++++++++++++++++++ > net-nds/389-ds-base/Manifest | 1 + > net-nds/389-ds-base/metadata.xml | 2 + > 3 files changed, 327 insertions(+) Do we know if this fixes this vulnerability? Hi John, Upstream Issue: https://github.com/389ds/389-ds-base/issues/5218 Is merged in 2.1.0 branch. I'm not sure how you get that. The linked fix commit seems to be in 2.2.0: ~/git/389-ds-base $ git tag --contains a3c298f 389-ds-base-2.2.0 Sorry my bad. I thought that https://github.com/389ds/389-ds-base/commit/00385645f4fb103ca0107777398347fe7478d377 was merged to 2.1.0. But it was on the 2.1.0 branch. Therefore it will be fixed with a version bump to 2.1.1 or 2.2.0. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db6509134724c8a14ca82fe9e1e931f3e6e5e116 commit db6509134724c8a14ca82fe9e1e931f3e6e5e116 Author: Robert Förster <Dessa@gmake.de> AuthorDate: 2024-04-27 15:17:11 +0000 Commit: Arthur Zamarin <arthurzam@gentoo.org> CommitDate: 2024-04-28 07:08:27 +0000 net-nds/389-ds-base: drop 1.4.4.19-r4, 2.1.0-r4, 2.3.2 Bug: https://bugs.gentoo.org/849401 Bug: https://bugs.gentoo.org/835611 Bug: https://bugs.gentoo.org/833631 Signed-off-by: Robert Förster <Dessa@gmake.de> Closes: https://github.com/gentoo/gentoo/pull/36458 Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org> net-nds/389-ds-base/389-ds-base-1.4.4.19-r4.ebuild | 324 --------------------- net-nds/389-ds-base/389-ds-base-2.1.0-r4.ebuild | 321 -------------------- net-nds/389-ds-base/389-ds-base-2.3.2.ebuild | 298 ------------------- net-nds/389-ds-base/Manifest | 134 --------- ...-ds-base-2.3.2-setuptools-67-packaging-23.patch | 167 ----------- 5 files changed, 1244 deletions(-) All done, thanks! |