| Summary: | <sys-fs/zfs-2.2.3: Bundled old Lua is vulnerable to CVE-2020-24370 | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | CONFIRMED --- | | |
| Severity: | normal | CC: | sam |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/advisories/GHSA-gfr4-c37g-mm3v | | |
| See Also: | https://github.com/openzfs/zfs/pull/15847 | | |
| Whiteboard: | B4 [stable?] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 717780 | | |

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bda8ae7ff2bba3e341c010c67009aa403985656d

    commit bda8ae7ff2bba3e341c010c67009aa403985656d
    Author:     Sam James <sam@gentoo.org>
    AuthorDate: 2024-02-23 05:04:44 +0000
    Commit:     Sam James <sam@gentoo.org>
    CommitDate: 2024-02-23 06:33:04 +0000

        sys-fs/zfs: add 2.2.3

        Bug: https://bugs.gentoo.org/925290
        Closes: https://bugs.gentoo.org/925281
        Signed-off-by: Sam James <sam@gentoo.org>

     sys-fs/zfs/Manifest               |   2 +
     sys-fs/zfs/files/2.2.3-musl.patch |  34 +++++
     sys-fs/zfs/zfs-2.2.3.ebuild       | 308 ++++++++++++++++++++++++++++++++++++++
     sys-fs/zfs/zfs-9999.ebuild        |   2 +-
     4 files changed, 345 insertions(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a367cc6d29a7b1b70cdf6072ca6fd1d6a21b6f8

    commit 9a367cc6d29a7b1b70cdf6072ca6fd1d6a21b6f8
    Author:     Sam James <sam@gentoo.org>
    AuthorDate: 2024-02-23 05:04:15 +0000
    Commit:     Sam James <sam@gentoo.org>
    CommitDate: 2024-02-23 06:29:47 +0000

        sys-fs/zfs-kmod: add 2.2.3

        Bug: https://bugs.gentoo.org/925290
        Signed-off-by: Sam James <sam@gentoo.org>

     sys-fs/zfs-kmod/Manifest              |   2 +
     sys-fs/zfs-kmod/zfs-kmod-2.2.3.ebuild | 217 ++++++++++++++++++++++++++++++++++
     sys-fs/zfs-kmod/zfs-kmod-9999.ebuild  |   4 +-
     3 files changed, 221 insertions(+), 2 deletions(-)

From 2.2.3 release notes:

> LUA: Backport CVE-2020-24370's patch #15847