| Summary: | <dev-libs/libuv-1.48.0: hostname truncation in getaddrinfo allows attacker-controlled lookup results | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Hank Leininger <hlein> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | ajak, jsmolic, lotgyero |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6 | | |
| See Also: | https://github.com/gentoo/gentoo/pull/35248 | | |
| Whiteboard: | A3 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 924653, 924891 | | |
| Bug Blocks: | | | |

Description
Hank Leininger
2024-02-08 22:30:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0bae683c34e84f5d252ce86b1fe844bd9445258

commit b0bae683c34e84f5d252ce86b1fe844bd9445258
Author:     Hank Leininger <hlein@korelogic.com>
AuthorDate: 2024-02-09 22:06:06 +0000
Commit:     Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2024-02-10 01:02:31 +0000

    dev-libs/libuv: add 1.48.0, update SRC_URI

    Bug: https://bugs.gentoo.org/924127
    Signed-off-by: Hank Leininger <hlein@korelogic.com>
    Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

 dev-libs/libuv/Manifest            |  1 +
 dev-libs/libuv/libuv-1.48.0.ebuild | 54 ++++++++++++++++++++++++++++++++++++++
 dev-libs/libuv/libuv-9999.ebuild   |  3 ++-
 3 files changed, 57 insertions(+), 1 deletion(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f2af276017530099965ad9a89cdf0341d0246d1

commit 4f2af276017530099965ad9a89cdf0341d0246d1
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2024-04-20 13:29:53 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2024-04-20 13:30:05 +0000

    dev-libs/libuv: drop 1.47.0-r1

    Bug: https://bugs.gentoo.org/924127
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 dev-libs/libuv/Manifest                            |  1 -
 dev-libs/libuv/files/libuv-1.47.0-darwin17.patch   | 26 ----------
 .../libuv/files/libuv-1.47.0-hppa-kernel.patch     | 32 ------------
 dev-libs/libuv/files/libuv-1.47.0-ipv6-tests.patch | 54 --------------------
 dev-libs/libuv/libuv-1.47.0-r1.ebuild              | 59 ----------------------
 5 files changed, 172 deletions(-)

Cleanup done, kde proj out.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=62ad8e9fc962a92ebbf83e8e266d65053c7ccd50

commit 62ad8e9fc962a92ebbf83e8e266d65053c7ccd50
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2025-01-23 06:16:58 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2025-01-23 06:17:08 +0000

    [ GLSA 202501-05 ] libuv: Hostname Truncation

    Bug: https://bugs.gentoo.org/924127
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202501-05.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)