662876 – <app-antivirus/clamav-0.100.2: multiple vulnerabilities due to embedded dev-libs/libmspack (CVE-2018-{14679,14680,14681,14682})

Bug 662876 - <app-antivirus/clamav-0.100.2: multiple vulnerabilities due to embedded dev-libs/libmspack (CVE-2018-{14679,14680,14681,14682})

Summary: <app-antivirus/clamav-0.100.2: multiple vulnerabilities due to embedded dev-l...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:
Blocks:	CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682
	Show dependency tree

Reported:	2018-08-05 21:58 UTC by Thomas Deutschmann (RETIRED)
Modified:	2019-08-09 21:17 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Deutschmann (RETIRED) gentoo-dev

2018-08-05 21:58:31 UTC

See tracker bug 662166 for details.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2018-08-05 22:01:11 UTC

We really need to get rid of bundled dev-libs/libmspack, i.e. remove "system-libmspack" USE flag and enforce dev-libs/libmspack usage. This will also solve bug 661234 which blocks stabilization at the moment.

Comment 2 Thomas Raschbacher gentoo-dev

2018-10-07 18:51:58 UTC

0.100.2 disables the bundled libmspack and uses system wide only.