Summary: | <www-servers/nginx-1.25.4: segmentation fault might occur while processing a specially crafted QUIC session | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tomáš Mózes <hydrapolic> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | ajak, conikost, hydrapolic, maintainer-needed |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/35337 | ||
Whiteboard: | B3 [glsa?] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 928619 | ||
Bug Blocks: |
Description
Tomáš Mózes
2024-02-15 04:01:17 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c67aacaa0cdf0181c71042f49dce7dc8b23c2e08 commit c67aacaa0cdf0181c71042f49dce7dc8b23c2e08 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2024-02-15 04:03:04 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2024-02-15 13:17:10 +0000 www-servers/nginx: add 1.25.4 Bug: https://bugs.gentoo.org/924619 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Joonas Niilola <juippis@gentoo.org> www-servers/nginx/Manifest | 1 + www-servers/nginx/nginx-1.25.4.ebuild | 1112 +++++++++++++++++++++++++++++++++ 2 files changed, 1113 insertions(+) Please stabilize when ready, thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf4dd40ab44f6407164eeee7d5189602b7f295be commit cf4dd40ab44f6407164eeee7d5189602b7f295be Author: Conrad Kostecki <conikost@gentoo.org> AuthorDate: 2024-04-24 12:38:37 +0000 Commit: Conrad Kostecki <conikost@gentoo.org> CommitDate: 2024-04-24 12:41:47 +0000 www-servers/nginx: drop 1.25.3, 1.25.3-r1 Bug: https://bugs.gentoo.org/924619 Signed-off-by: Conrad Kostecki <conikost@gentoo.org> www-servers/nginx/Manifest | 1 - www-servers/nginx/nginx-1.25.3-r1.ebuild | 1112 ------------------------------ www-servers/nginx/nginx-1.25.3.ebuild | 1078 ----------------------------- 3 files changed, 2191 deletions(-) I've added the cleanup whiteboard status assuming that 1.24.x is also vulnerable and still needs to be removed. Please let us know if this is not the case. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15ee8b9878108d89e4a0eae8770cc78d1466d287 commit 15ee8b9878108d89e4a0eae8770cc78d1466d287 Author: Conrad Kostecki <conikost@gentoo.org> AuthorDate: 2024-05-29 22:50:37 +0000 Commit: Conrad Kostecki <conikost@gentoo.org> CommitDate: 2024-05-29 22:53:39 +0000 www-servers/nginx: drop 1.24.0-r3, 1.24.0-r4 Bug: https://bugs.gentoo.org/924619 Signed-off-by: Conrad Kostecki <conikost@gentoo.org> www-servers/nginx/Manifest | 2 - www-servers/nginx/nginx-1.24.0-r3.ebuild | 1066 ----------------------------- www-servers/nginx/nginx-1.24.0-r4.ebuild | 1100 ------------------------------ 3 files changed, 2168 deletions(-) I just have dropped 1.24.x from tree. |