From $URL:

> Security fixes
>
> Two security issues have been identified in the SASL SCRAM protocol handler:
>
> The client nonce, which is expected to be a random string, was a static string.
> If sasl.username and sasl.password contained characters that needed escaping, a buffer overflow and heap corruption would occur. This was protected, but too late, by an assertion.
>
> Both of these issues are fixed in this release.
arm64 stable
amd64 stable
arm stable
x86 stable
GLSA Vote: No
hppa stable
@maintainer(s), please clean up
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d43aca579cd3e0fa62569c2030f82db85c9bcb8e

commit d43aca579cd3e0fa62569c2030f82db85c9bcb8e
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-04-30 23:36:00 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-04-30 23:36:09 +0000

    dev-libs/librdkafka: security cleanup

    Bug: https://bugs.gentoo.org/717704
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-libs/librdkafka/Manifest                       |  4 --
 ...librdkafka-1.1.0-remove-automagic-on-zstd.patch | 29 --------
 dev-libs/librdkafka/librdkafka-1.1.0.ebuild        | 78 ----------------------
 dev-libs/librdkafka/librdkafka-1.2.1.ebuild        | 76 ---------------------
 dev-libs/librdkafka/librdkafka-1.2.2.ebuild        | 76 ---------------------
 dev-libs/librdkafka/librdkafka-1.3.0.ebuild        | 76 ---------------------
 6 files changed, 339 deletions(-)
Repository is clean, all done!