| Summary: | <dev-util/rizin-0.4.0: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | ajak, sam |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 836001 | | |

Description
John Helmert III
2022-03-25 14:20:59 UTC
huntr.dev report: https://huntr.dev/bounties/a7546dae-01c5-4fb0-8a8e-c04ea4e9bac7

https://github.com/rizinorg/rizin/issues/2448

CVE-2022-1240 and CVE-2022-1244 are fixed with this:

https://github.com/rizinorg/rizin/pull/2532

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd3f25f53be1a5dc7d81cdf498a0128b52eaf2c2

commit fd3f25f53be1a5dc7d81cdf498a0128b52eaf2c2
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-07-04 20:00:06 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-07-04 20:01:22 +0000

    dev-util/rizin: drop 0.3.4, 0.3.4-r1

    Bug: https://bugs.gentoo.org/836002
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-util/rizin/Manifest | 2 -
 dev-util/rizin/rizin-0.3.4-r1.ebuild | 103 -----------------------------------
 dev-util/rizin/rizin-0.3.4.ebuild | 103 -----------------------------------
 3 files changed, 208 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da3042f37243689df0970cdad468e05387da141c

commit da3042f37243689df0970cdad468e05387da141c
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-07-04 19:57:11 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-07-04 20:01:12 +0000

    dev-util/rizin: stabilize 0.4.0 for amd64

    Bug: https://bugs.gentoo.org/836002
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-util/rizin/rizin-0.4.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

These are buffer overreads rather than buffer overflows, so impact only appears to be DoS. No GLSA, all done!