Bug 844736

Summary:	<net-libs/pacparser-1.4.0: Memory overwrite vulnerability
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	CONFIRMED ---
Severity:	minor	CC:	amadio
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [glsa?]
Package list:		Runtime testing required:	---
Bug Depends on:	850181
Bug Blocks:

Description Sam James archtester

2022-05-15 00:05:53 UTC

See https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9.

Comment 1 Guilherme Amadio gentoo-dev

2023-10-27 13:32:13 UTC

Note that I've pushed 1.4.2 to the tree today, so it now contains the fix for this problem. Please close this bug after confirming. Thank you.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da3bd28696a64f3eb8113f789db8a98df672d423

Comment 2 Guilherme Amadio gentoo-dev

2024-03-10 22:58:36 UTC

pacparser-1.4.0 (which already contains the fix) is the oldest version in the tree. Please close this bug. Thank you!

Comment 3 Guilherme Amadio gentoo-dev

2024-11-22 16:32:12 UTC

Closing this since affected versions of pacparser are long gone from the tree.

Comment 4 Hans de Graaff gentoo-dev

2024-11-24 08:17:09 UTC

(In reply to Guilherme Amadio from comment #3)
> Closing this since affected versions of pacparser are long gone from the
> tree.

Please don't close bug owned by security that still have a process to follow, even if that process has a huge backlog.