Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 930378

Summary: <dev-perl/Crypt-SMIME-0.300.0: double free in x509 parser
Product: Gentoo Security Reporter: Hanno Böck <hanno>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: normal CC: perl
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://metacpan.org/dist/Crypt-SMIME/changes
See Also: https://rt.cpan.org/Public/Bug/Display.html?id=152115
Whiteboard: B3 [stable?]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 924012    

Description Hanno Böck gentoo-dev 2024-04-21 17:23:03 UTC 
See
https://metacpan.org/dist/Crypt-SMIME/changes

0.29    Mon Mar  4 18:10:38 JST 2024
        - Fixed a bug which could cause a double-free on X.509
          structures in a certain scenario:
          https://rt.cpan.org/Public/Bug/Display.html?id=152115

Sounds like a security bug.
Comment 1 Larry the Git Cow gentoo-dev 2024-04-29 04:45:12 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8f346d70b929d0e978a7653c054e26ff89f114f

commit b8f346d70b929d0e978a7653c054e26ff89f114f
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-04-29 04:44:46 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-04-29 04:44:46 +0000

    dev-perl/Crypt-SMIME: add 0.300.0
    
    Bug: https://bugs.gentoo.org/930378
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-perl/Crypt-SMIME/Crypt-SMIME-0.300.0.ebuild | 42 +++++++++++++++++++++++++
 dev-perl/Crypt-SMIME/Manifest                   |  1 +
 2 files changed, 43 insertions(+)