Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 908080 (CVE-2023-2961)

Summary: <app-arch/advancecomp-2.5: segmentation fault
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: mgorny
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/amadvance/advancecomp/releases/tag/v2.5
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-09 03:44:39 UTC 
CVE-2023-2961 (https://bugzilla.redhat.com/show_bug.cgi?id=2210768):

A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability.

The sole reference is quite useless, no reference to upstream report or fixed version.
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2023-06-09 11:28:36 UTC 
Do I understand correctly that what we've basically got is a report that there is some bug somewhere but no clue what it's about and when it's going to be fixed?
Comment 2 Hans de Graaff gentoo-dev Security 2023-10-26 15:33:13 UTC 
According to the redhat bug this is fixed in advancecomp 2.5, and its release notes mention: "* Fix segmentation fault on invalid MNG size".