Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 678750 - dev-libs/libvterm: out-of-memory in screen.c, state.c, vterm.c leading to denial of service
Summary: dev-libs/libvterm: out-of-memory in screen.c, state.c, vterm.c leading to den...
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [upstream/ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-02-25 15:16 UTC by Agostino Sarubbo
Modified: 2020-03-26 20:55 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2019-02-25 15:16:01 UTC
From ${URL} :

libvterm through 0+bzr726, as used in Vim and other products, mishandles certain
out-of-memory conditions, leading to a denial of service (application crash),
related to screen.c, state.c, and vterm.c.

Upstream Issue:
https://github.com/vim/vim/issues/3711

Upstream Patch:
https://github.com/vim/vim/commit/cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Sam James (sam_c) (security padawan) 2020-03-18 17:43:35 UTC
(In reply to Agostino Sarubbo from comment #0)
> libvterm through 0+bzr726, as used in Vim and other products, mishandles
> certain
> out-of-memory conditions, leading to a denial of service (application crash),
> related to screen.c, state.c, and vterm.c.

I haven't been able to identify the specific fix with 100% confidence, although there have been OOM and memory leak related commits, such as https://bazaar.launchpad.net/~libvterm/libvterm/trunk/revision/756.

@maintainer(s), my recommendation is to bump to the latest, or preferably take a snapshot from the website to guarantee all of these fixes are included, even if not related to this specific vulnerability.

It looks like there is another vulnerability disclosed here: https://bugs.launchpad.net/libvterm/+bug/1846869


> Upstream Patch:
> https://github.com/vim/vim/commit/cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8
> 

Note that this was fixed in vim v8.1.0633.
Comment 2 Sam James (sam_c) (security padawan) 2020-03-26 20:55:19 UTC
Tree is clean.
Comment 3 Sam James (sam_c) (security padawan) 2020-03-26 20:55:57 UTC
(In reply to sam_c (Security Padawan) from comment #2)
> Tree is clean.

No, ignore this! Still needs a bump as per my previous comment.