Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 843155

Summary: dev-lang/squirrel: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: normal CC: maintainer-needed
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ?? [ebuild]
Package list:
Runtime testing required: ---
Bug Depends on: 885757    
Bug Blocks: 843158    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-07 14:57:26 UTC 
CVE-2022-30292 (https://github.com/albertodemichelis/squirrel/commit/a6413aa690e0bdfef648c68693349a7b878fe60d):

thread_call in sqbaselib.cpp in SQUIRREL 3.2 lacks a certain sq_reservestack call.
Comment 1 Larry the Git Cow gentoo-dev 2022-10-28 15:15:51 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e0ebfc2e1cb1f5ed435a59d627d1a85053c70bd

commit 1e0ebfc2e1cb1f5ed435a59d627d1a85053c70bd
Author:     Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2022-10-28 13:49:33 +0000
Commit:     Pacho Ramos <pacho@gentoo.org>
CommitDate: 2022-10-28 15:15:24 +0000

    dev-lang/squirrel: add 3.2
    
    Bug: https://bugs.gentoo.org/843155
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>

 dev-lang/squirrel/Manifest                         |  2 +
 .../files/squirrel-3.2-CVE-2022-30292.patch        | 12 +++++
 dev-lang/squirrel/files/squirrel.pc.in             | 12 +++++
 dev-lang/squirrel/squirrel-3.2.ebuild              | 63 ++++++++++++++++++++++
 4 files changed, 89 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-30 03:31:49 UTC 
Thanks! Please stabilize when ready.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-13 21:58:13 UTC 
Hm, I think we need a CVE-2021-41556 patch here too?