Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 845036 (CVE-2022-30763)

Summary: <dev-lang/janet-1.22.0: array mishandling
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: oz.tiram, proxy-maint
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/janet-lang/janet/releases/tag/v1.22.0
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-16 16:50:34 UTC 
CVE-2022-30763:

Janet before 1.22.0 mishandles arrays.

This might be the relevant commit, but I don't see how it's security-relevant:
https://github.com/janet-lang/janet/commit/7fda7709ff15ab4b4cdea57619365eb2798f15c4
Comment 1 Viorel Munteanu gentoo-dev 2024-01-05 10:52:38 UTC 
janet 1.22.0 is in the tree, is this bug still relevant?
Comment 2 Hans de Graaff gentoo-dev Security 2024-01-05 12:18:01 UTC 
(In reply to Viorel Munteanu from comment #1)
> janet 1.22.0 is in the tree, is this bug still relevant?

Yes, but it does need to be updated accordingly. Resolving this with noglsa since there has not been a stable version of this package.