| Summary: | <app-text/hunspell-1.7.1: multiple vulnerabilities | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | ajak, aliaksei.urbanski, maintainer-needed |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: |
https://github.com/gentoo/gentoo/pull/28908 https://github.com/hunspell/hunspell/issues/714 |
||
| Whiteboard: | A3 [glsa+] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 877029 | ||
| Bug Blocks: | |||
|
Description
Sam James
2022-08-23 04:26:36 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be7e4b576d80f9c5c0b9d85567d5866b21cd98d0 commit be7e4b576d80f9c5c0b9d85567d5866b21cd98d0 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-08-23 04:29:44 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-08-23 04:29:44 +0000 app-text/hunspell: add 1.7.1 Bug: https://bugs.gentoo.org/866093 Signed-off-by: Sam James <sam@gentoo.org> app-text/hunspell/Manifest | 1 + app-text/hunspell/hunspell-1.7.1.ebuild | 82 +++++++++++++++++++++++++++++++++ 2 files changed, 83 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=65514e34b3955abc59013b1ca04f97fd7a101b55 commit 65514e34b3955abc59013b1ca04f97fd7a101b55 Author: Marco Scardovi <mscardovi@icloud.com> AuthorDate: 2023-01-01 01:01:45 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2023-01-03 10:52:18 +0000 app-text/hunspell: drop 1.7.0-r2 Bug: https://bugs.gentoo.org/866093 Signed-off-by: Marco Scardovi <mscardovi@icloud.com> Closes: https://github.com/gentoo/gentoo/pull/28908 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> app-text/hunspell/Manifest | 1 - .../files/hunspell-1.7.0-CVE-2019-16707.patch | 22 ------ app-text/hunspell/hunspell-1.7.0-r2.ebuild | 80 ---------------------- 3 files changed, 103 deletions(-) Hello, There is no <app-text/hunspell-1.7.1 in the Portage tree at the moment. Shouldn't this bug be resolved already? Thanks! (In reply to Aliaksei Urbanski from comment #3) > Hello, > > There is no <app-text/hunspell-1.7.1 in the Portage tree at the moment. > Shouldn't this bug be resolved already? > > Thanks! Security bugs with "glsa?" in whiteboard are generally waiting for us to make a GLSA, which we're behind on, but working on catching up. > "Merge chromium fix for OOB string write in hunspell" This one is upstream issue https://github.com/hunspell/hunspell/issues/714 and "Originally discovered in https://crbug.com/1175933", and fixed with https://github.com/hunspell/hunspell/commit/134405e2088b50ac71a4e49fb4168a414a941e89. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=2c779560e534feedab8822557bf136147db7c305 commit 2c779560e534feedab8822557bf136147db7c305 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-09-24 05:10:05 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-09-24 05:10:17 +0000 [ GLSA 202409-21 ] Hunspell: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/866093 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202409-21.xml | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) |