Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 577610 - <sys-apps/busybox-1.24.2: two heap overflow
Summary: <sys-apps/busybox-1.24.2: two heap overflow
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa]
Depends on:
Reported: 2016-03-17 11:53 UTC by Agostino Sarubbo
Modified: 2017-01-01 12:16 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2016-03-17 11:53:23 UTC
From ${URL} :

CVE-2016-2147 / OOB heap write due to integer underflow

CVE-2016-2148 / heap overflow in OPTION_6RD parsing

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 SpanKY gentoo-dev 2016-03-21 18:49:04 UTC
bumped here:

should be fine for stable
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2016-03-21 23:40:48 UTC
@arches, please stabilize the following:

Comment 3 Agostino Sarubbo gentoo-dev 2016-03-22 14:33:30 UTC
amd64 stable
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2016-03-26 06:49:29 UTC
Stable for HPPA PPC64.
Comment 5 Agostino Sarubbo gentoo-dev 2016-03-27 10:17:28 UTC
ppc stable
Comment 6 Markus Meier gentoo-dev 2016-03-30 18:32:58 UTC
arm stable
Comment 7 Agostino Sarubbo gentoo-dev 2016-04-11 10:40:25 UTC
x86 stable
Comment 8 Matt Turner gentoo-dev 2016-05-02 03:33:55 UTC
alpha stable
Comment 9 Agostino Sarubbo gentoo-dev 2016-07-08 10:04:33 UTC
sparc stable
Comment 10 Agostino Sarubbo gentoo-dev 2016-07-08 12:04:04 UTC
ia64 stable
Comment 11 Aaron Bauman (RETIRED) gentoo-dev 2016-07-19 12:26:01 UTC
Removing unstable arches.

@maintainer(s), please remove the vulnerable versions.
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2016-11-27 11:27:44 UTC
Please cleanup.
Comment 13 Thomas Deutschmann (RETIRED) gentoo-dev 2016-12-02 20:16:23 UTC
Added to existing GLSA.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2016-12-04 06:41:16 UTC
This issue was resolved and addressed in
 GLSA 201612-04 at
by GLSA coordinator Aaron Bauman (b-man).
Comment 15 Aaron Bauman (RETIRED) gentoo-dev 2016-12-04 06:43:04 UTC
@maintainer(s), please clean the vulnerable version from the tree:

Comment 16 Aaron Bauman (RETIRED) gentoo-dev 2017-01-01 12:16:36 UTC
tree is clean