Bug 665292 (CVE-2018-14618) - <net-misc/curl-7.61.1: NTLM password overflow via integer overflow (CVE-2018-14618)
Alias: CVE-2018-14618
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: A3 [glsa+ cve]
Depends on: CVE-2018-16839, CVE-2018-16840, CVE-2018-16842
Reported: 2018-09-05 17:34 UTC by GLSAMaker/CVETool Bot
Modified: 2019-03-10 19:48 UTC
Runtime testing required: ---
stable-bot: sanity-check+

Description GLSAMaker/CVETool Bot gentoo-dev 2018-09-05 17:34:23 UTC
CVE-2018-14618 (
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be

@maintainer please call for stabilization when ready. Thank you
Comment 1 Anthony Basile gentoo-dev 2018-09-05 18:46:45 UTC
curl-7.61.1.ebuild is in the tree and should be rapid stabilized.

KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 2 Rolf Eike Beer archtester 2018-09-05 19:10:24 UTC
I guess the package list would be =net-misc/curl-7.61.1 then?
Comment 3 Agostino Sarubbo gentoo-dev 2018-09-06 15:27:12 UTC
amd64 stable
Comment 4 Rolf Eike Beer archtester 2018-09-06 20:13:19 UTC
sparc done.
Comment 5 Mart Raudsepp gentoo-dev 2018-09-07 09:57:02 UTC
arm64 stable
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2018-09-07 23:14:25 UTC
hppa stable
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2018-09-07 23:17:34 UTC
ia64 stable
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2018-09-07 23:20:00 UTC
ppc stable
Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev 2018-09-07 23:22:12 UTC
ppc64 stable
Comment 10 Thomas Deutschmann (RETIRED) gentoo-dev 2018-09-09 01:13:07 UTC
x86 stable
Comment 11 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-09-09 11:52:08 UTC
Comment 12 Larry the Git Cow gentoo-dev 2018-09-21 16:42:08 UTC
The bug has been referenced in the following commit(s):

commit 6681b26b2091f8ea5414a03bf79d1459cc197c96
Author:     Mikle Kolyada <>
AuthorDate: 2018-09-21 16:41:27 +0000
Commit:     Mikle Kolyada <>
CommitDate: 2018-09-21 16:41:27 +0000

    net-misc/curl: Security cleanup
    Package-Manager: Portage-2.3.49, Repoman-2.3.10

 net-misc/curl/Manifest              |   2 -
 net-misc/curl/curl-7.60.0-r1.ebuild | 247 ------------------------------------
 net-misc/curl/curl-7.60.0.ebuild    | 247 ------------------------------------
 net-misc/curl/curl-7.61.0.ebuild    | 247 ------------------------------------
 4 files changed, 743 deletions(-)
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2019-03-10 19:48:59 UTC
This issue was resolved and addressed in
 GLSA 201903-03 at
by GLSA coordinator Aaron Bauman (b-man).