Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 686034 - <app-crypt/heimdal-7.6.0: S4U2Self with unkeyed checksum (CVE-2018-16860)
Summary: <app-crypt/heimdal-7.6.0: S4U2Self with unkeyed checksum (CVE-2018-16860)
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://www.h5l.org/pipermail/heimdal-...
Whiteboard: B3 [stable]
Keywords: STABLEREQ
Depends on:
Blocks: CVE-2018-16860
  Show dependency tree
 
Reported: 2019-05-15 15:09 UTC by GLSAMaker/CVETool Bot
Modified: 2019-08-13 10:31 UTC (History)
2 users (show)

See Also:
Package list:
app-crypt/heimdal-7.6.0
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-05-15 15:09:49 UTC
See tracker bug for more information.
Comment 1 Lars Wendler (Polynomial-C) gentoo-dev 2019-05-16 08:36:07 UTC
heimdal-7.6.0 has been released addressing this issue...
Comment 2 Larry the Git Cow gentoo-dev 2019-05-17 07:48:13 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5c8fbea00ec59fad9583f6b815e89dcd33271faa

commit 5c8fbea00ec59fad9583f6b815e89dcd33271faa
Author:     Eray Aslan <eras@gentoo.org>
AuthorDate: 2019-05-17 07:47:28 +0000
Commit:     Eray Aslan <eras@gentoo.org>
CommitDate: 2019-05-17 07:47:55 +0000

    app-crypt/heimdal: security bump to 7.6.0
    
    Bug: https://bugs.gentoo.org/686034
    Closes: https://bugs.gentoo.org/649492
    Closes: https://bugs.gentoo.org/647880
    Closes: https://bugs.gentoo.org/641762
    Package-Manager: Portage-2.3.66, Repoman-2.3.12
    Signed-off-by: Eray Aslan <eras@gentoo.org>

 app-crypt/heimdal/Manifest                         |   1 +
 .../files/heimdal_build-headers-before-use.patch   |  29 ++++
 app-crypt/heimdal/files/heimdal_fix-db60.patch     |  11 ++
 app-crypt/heimdal/files/heimdal_hcrypto.patch      |  45 +++++
 app-crypt/heimdal/heimdal-7.6.0.ebuild             | 185 +++++++++++++++++++++
 app-crypt/heimdal/metadata.xml                     |   3 +
 6 files changed, 274 insertions(+)
Comment 3 Eray Aslan gentoo-dev 2019-05-17 07:56:08 UTC
Arches, please test and mark stable
=app-crypt/heimdal-7.6.0

Target Keywords = alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 s390 ~sh ~sparc x86 ~amd64-fbsd
Comment 4 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-05-18 15:40:29 UTC
arm64 stable
Comment 5 Thomas Deutschmann gentoo-dev Security 2019-05-19 13:17:39 UTC
x86 stable
Comment 6 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-05-19 20:32:11 UTC
amd64 stable
Comment 7 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-05-23 13:19:11 UTC
arm stable
Comment 8 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-05-26 09:48:07 UTC
s390 stable
Comment 9 Rolf Eike Beer 2019-05-31 21:03:52 UTC
hppa stable
Comment 10 Agostino Sarubbo gentoo-dev 2019-06-06 06:46:34 UTC
alpha stable
Comment 11 Agostino Sarubbo gentoo-dev 2019-06-07 10:05:29 UTC
ia64 stable
Comment 12 Eray Aslan gentoo-dev 2019-08-08 06:07:55 UTC
ping ppc ppc64
Comment 13 Agostino Sarubbo gentoo-dev 2019-08-13 10:31:23 UTC
ppc stable