From ${URL} : A denial of service issue was discovered in ctags. This could lead to excessive CPU and disk space consumption. For local uses of ctags, this is not much of an issue as there are many ways to consume CPU and disk space. It was reported that version 5.6 (which is in Red Hat Enterprise Linux 5) is not affected. Version 5.8 is reported to be affected. Upstream fix: http://sourceforge.net/p/ctags/code/791/ CVE request: http://seclists.org/oss-sec/2014/q3/780 References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742605 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2014-7204 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7204): jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.
@maintainers, can you include the attached patch or should this be considered a WONTFIX?
@maintainers could you confirm if ctags-20161028 is still affected? Thank you
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e51c2e662a365f1b3923462d52a8151c3c03de80 commit e51c2e662a365f1b3923462d52a8151c3c03de80 Author: Patrice Clement <monsieurp@gentoo.org> AuthorDate: 2019-03-31 18:19:53 +0000 Commit: Patrice Clement <monsieurp@gentoo.org> CommitDate: 2019-03-31 18:20:13 +0000 dev-util/ctags: version bump. Bug: https://bugs.gentoo.org/524004 Signed-off-by: Patrice Clement <monsieurp@gentoo.org> Package-Manager: Portage-2.3.62, Repoman-2.3.11 dev-util/ctags/Manifest | 1 + dev-util/ctags/ctags-20190331.ebuild | 71 ++++++++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+)
x86 stable
amd64 stable
sparc stable
arm stable
ia64 stable
s390 stable
arm64 stable
alpha stable
hppa stable
ppc64 stable
ppc stable. Maintainer(s), please cleanup. Security, please vote.
