From ${URL} : In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. Upstream patch: https://github.com/clearlinux-pkgs/glibc/blob/master/CVE-2019-9169.patch https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9 References: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142 https://sourceware.org/bugzilla/show_bug.cgi?id=24114 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141 https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html https://www.securityfocus.com/bid/107160 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Fixed in 2.30
Unable to check for sanity: > dependent bug #712726 is missing keywords
Resetting sanity check; package list is empty or all packages are done.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cce133930b2d85cd8bed66715857ccf550048bbd commit cce133930b2d85cd8bed66715857ccf550048bbd Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2020-05-04 18:35:42 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2020-05-04 18:37:12 +0000 package.mask: Update old glibc mask, now masking <2.30-r8 Bug: https://bugs.gentoo.org/712726 Bug: https://bugs.gentoo.org/677272 Bug: https://bugs.gentoo.org/679044 Bug: https://bugs.gentoo.org/711558 Bug: https://bugs.gentoo.org/717938 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> profiles/package.mask | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Arches and Maintainer(s), Thank you for your work. Added to GLSA
This issue was resolved and addressed in GLSA 202006-04 at https://security.gentoo.org/glsa/202006-04 by GLSA coordinator Aaron Bauman (b-man).
