Summary: | GHSA-c827-hfw6-qwvm: rustix: memory explosion leading to potential DOS | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Randy Barlow <randy> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | UNCONFIRMED --- | ||
Severity: | normal | Keywords: | PullRequest |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/advisories/GHSA-c827-hfw6-qwvm | ||
See Also: | https://github.com/gentoo/gentoo/pull/34929 https://github.com/gentoo/gentoo/pull/35198 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Randy Barlow
2024-01-21 03:08:16 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e8669fa28f8061c98753da87e905d86d47f981e2

commit e8669fa28f8061c98753da87e905d86d47f981e2
Author:     Randy Barlow <randy@electronsweatshop.com>
AuthorDate: 2024-01-21 02:46:02 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-01-21 03:57:58 +0000

    app-misc/rpick: Add 0.9.1

    This addresses two security issues in dependencies, though it is not
    known whether rpick is vulnerable to the issues:

    * RUSTSEC-2023-0075: Update unsafe-libyaml to 0.2.10
      - https://github.com/bowlofeggs/rpick/pull/353
      - https://rustsec.org/advisories/RUSTSEC-2023-0075.html
    * GHSA-c827-hfw6-qwvm: Update rustix to 0.38.30
      - https://github.com/bowlofeggs/rpick/pull/359
      - https://github.com/advisories/GHSA-c827-hfw6-qwvm

    Bug: https://bugs.gentoo.org/922588
    Bug: https://bugs.gentoo.org/922589
    Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
    Closes: https://github.com/gentoo/gentoo/pull/34929
    Signed-off-by: Sam James <sam@gentoo.org>

 app-misc/rpick/Manifest           | 66 ++++++++++++++++++
 app-misc/rpick/rpick-0.9.1.ebuild | 139 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 205 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6068510a96e1a9d6656d31f3a61e2b0adc4c15f0

commit 6068510a96e1a9d6656d31f3a61e2b0adc4c15f0
Author:     Randy Barlow <randy@electronsweatshop.com>
AuthorDate: 2024-02-05 23:21:26 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-06 03:40:27 +0000

    app-misc/rpick: Drop 0.9.0

    Bug: https://bugs.gentoo.org/922588
    Bug: https://bugs.gentoo.org/922589
    Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
    Closes: https://github.com/gentoo/gentoo/pull/35198
    Signed-off-by: Sam James <sam@gentoo.org>

 app-misc/rpick/Manifest           | 73 -------------------
 app-misc/rpick/rpick-0.9.0.ebuild | 146 --------------------------------------
 2 files changed, 219 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7bce99fa59aa3b880bea298ffb55514386c42a8

commit f7bce99fa59aa3b880bea298ffb55514386c42a8
Author:     Randy Barlow <randy@electronsweatshop.com>
AuthorDate: 2024-02-05 23:19:56 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-06 03:40:27 +0000

    app-misc/rpick: Drop 0.8.12

    Bug: https://bugs.gentoo.org/922588
    Bug: https://bugs.gentoo.org/922589
    Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-misc/rpick/Manifest            | 59 -----------------
 app-misc/rpick/rpick-0.8.12.ebuild | 125 -------------------------------------
 2 files changed, 184 deletions(-)