Summary: | <sys-libs/zlib-1.2.12: deflate memory corruption | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | base-system, sam |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openwall.com/lists/oss-security/2022/03/24/1 | ||
Whiteboard: | A4 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 836303 | ||
Bug Blocks: | 838721 |
Description
John Helmert III
2022-03-24 20:00:15 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d55f1223957344dd8aaa16d5f609b46d7d2b598e commit d55f1223957344dd8aaa16d5f609b46d7d2b598e Author: Sam James <sam@gentoo.org> AuthorDate: 2022-03-28 06:43:11 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-03-28 06:43:26 +0000 sys-libs/zlib: add 1.2.12 Bug: https://bugs.gentoo.org/835958 Signed-off-by: Sam James <sam@gentoo.org> sys-libs/zlib/Manifest | 2 + sys-libs/zlib/zlib-1.2.12.ebuild | 187 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 189 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb5eb206b488b495be7cab1bc72526a79d49428b commit cb5eb206b488b495be7cab1bc72526a79d49428b Author: Sam James <sam@gentoo.org> AuthorDate: 2022-03-28 06:50:42 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-03-28 06:51:20 +0000 sys-libs/zlib: unkeyword 1.2.12 Checking something... Bug: https://bugs.gentoo.org/835958 Signed-off-by: Sam James <sam@gentoo.org> sys-libs/zlib/zlib-1.2.12.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e2bd29b39d577e88ecf6bc0752cd50c56ea6411 commit 5e2bd29b39d577e88ecf6bc0752cd50c56ea6411 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-03-28 07:28:51 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-03-28 07:29:30 +0000 sys-libs/zlib: revbump 1.2.12 for configure fix For me, it silently installed no 32-bit lib (or tried to build it statically, which then didn't get installed), so let's be cautious. Still unkeyworded until later though. Bug: https://bugs.gentoo.org/835958 Bug: https://bugs.gentoo.org/836308 Fixes: 0a91cef90a3879f5fe3763a01c0f37c336bd1a6c Signed-off-by: Sam James <sam@gentoo.org> sys-libs/zlib/{zlib-1.2.12.ebuild => zlib-1.2.12-r1.ebuild} | 0 1 file changed, 0 insertions(+), 0 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd0a0f16ebdc4cf2d18378213d8476aeb42ff810 commit cd0a0f16ebdc4cf2d18378213d8476aeb42ff810 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-03-29 01:59:47 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-03-29 02:00:40 +0000 sys-libs/zlib: keyword 1.2.12-r1 Issues are fixed now. Nothing else has come up other than the now-fixed CC-configure issue. Bug: https://bugs.gentoo.org/835958 Signed-off-by: Sam James <sam@gentoo.org> sys-libs/zlib/files/zlib-1.2.12-fix-CC-logic-in-configure.patch | 6 ++++-- sys-libs/zlib/zlib-1.2.12-r1.ebuild | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) Request filed The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=19befd853907b89ff1a5ea81ae63b19dbb1d7655 commit 19befd853907b89ff1a5ea81ae63b19dbb1d7655 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-31 20:36:54 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-31 20:37:38 +0000 [ GLSA 202210-42 ] zlib: Multiple vulnerabilities Bug: https://bugs.gentoo.org/835958 Bug: https://bugs.gentoo.org/863851 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-42.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) GLSA released, all done! |