Bug 717936 (CVE-2020-14150) - <sys-devel/bison-3.5.4: Multiple vulnerabilities (CVE-2020-14150)
Status: IN_PROGRESS
Alias: CVE-2020-14150
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://lists.gnu.org/archive/html/in...
Whiteboard: A3 [stable cve]
Keywords: CC-ARCHES, STABLEREQ
Depends on: bison-3.7
Blocks: CVE-2020-24240
Reported: 2020-04-17 18:19 UTC by Sam James
Modified: 2020-09-19 20:55 UTC (History)

Package list:
sys-devel/bison-3.7.1-r1 sys-devel/gettext-0.21
Runtime testing required: ---
nattka: sanity-check+


Description Sam James archtester gentoo-dev Security 2020-04-17 18:19:26 UTC
Quoting from 3.5.4 release notes:
"Several unlikely crashes found by fuzzing have been fixed."
Comment 1 Sam James archtester gentoo-dev Security 2020-04-17 18:20:41 UTC
@maintainer(s), please advise if ready for stabilisation, or call yourself.

Given that these crashes are unlikely, if you are not yet comfortable with stabilisation, there is no problem.
Comment 2 Sam James archtester gentoo-dev Security 2020-06-04 17:00:35 UTC
ping
Comment 3 Andreas Sturmlechner gentoo-dev 2020-06-28 17:50:25 UTC
Why not go straight for 3.6.4?
Comment 4 Joakim Tjernlund 2020-06-29 20:50:43 UTC
(In reply to Andreas Sturmlechner from comment #3)
> Why not go straight for 3.6.4?

Yes, that would be great.
Comment 5 Rolf Eike Beer 2020-07-29 17:34:59 UTC
hppa stable
Comment 6 Sergei Trofimovich gentoo-dev 2020-08-01 15:20:12 UTC
sparc stable
Comment 7 Thomas Deutschmann gentoo-dev Security 2020-08-29 14:53:59 UTC
x86 stable
Comment 8 Thomas Deutschmann gentoo-dev Security 2020-08-31 19:13:34 UTC
Restarting stabilization with newer version due to bug 704894.
Comment 9 NATTkA bot gentoo-dev 2020-08-31 19:17:07 UTC
Sanity check failed:

> sys-devel/bison-3.7.1
>   bdepend amd64 stable profile default/linux/amd64/17.0 (79 total)
>     >=sys-devel/gettext-0.21
>   bdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (35 total)
>     >=sys-devel/gettext-0.21
Comment 10 NATTkA bot gentoo-dev 2020-08-31 19:22:31 UTC
All sanity-check issues have been resolved
Comment 11 Sam James archtester gentoo-dev Security 2020-08-31 19:35:05 UTC
*** Bug 733710 has been marked as a duplicate of this bug. ***
Comment 12 Thomas Deutschmann gentoo-dev Security 2020-08-31 20:45:03 UTC
x86 stable
Comment 13 Sam James archtester gentoo-dev Security 2020-08-31 20:55:38 UTC
s390 done
Comment 14 Sam James archtester gentoo-dev Security 2020-08-31 20:59:50 UTC
s390 done
Comment 15 Sam James archtester gentoo-dev Security 2020-08-31 21:23:35 UTC
ppc done
Comment 16 Sam James archtester gentoo-dev Security 2020-08-31 21:34:46 UTC
amd64 done
Comment 17 Sam James archtester gentoo-dev Security 2020-08-31 21:48:20 UTC
arm64 done
Comment 18 Sam James archtester gentoo-dev Security 2020-08-31 21:49:02 UTC
sparc done
Comment 19 Sam James archtester gentoo-dev Security 2020-08-31 21:49:50 UTC
ppc64 done
Comment 20 Sam James archtester gentoo-dev Security 2020-08-31 21:50:31 UTC
arm done
Comment 21 NATTkA bot gentoo-dev 2020-09-07 20:57:11 UTC
Unable to check for sanity:

> no match for package: sys-devel/bison-3.7.1
Comment 22 Sergei Trofimovich gentoo-dev 2020-09-07 21:21:21 UTC
hppa stable
Comment 23 Sergei Trofimovich gentoo-dev 2020-09-07 21:22:32 UTC
(In reply to Sergei Trofimovich from comment #22)
> hppa stable

Nope, wrong package name. Returning.
Comment 24 NATTkA bot gentoo-dev 2020-09-07 21:27:22 UTC
All sanity-check issues have been resolved
Comment 25 Rolf Eike Beer 2020-09-19 20:32:54 UTC
hppa stable