Description: "FreeTDS through 1.1.11 has a Buffer Overflow." ---- From Debian's security tracker: * [stretch] - freetds <not-affected> (Vulnerable code introduced in 0.95 upstream) * [jessie] - freetds <not-affected> (Vulnerable code introduced in 0.95 upstream) * https://github.com/FreeTDS/freetds/commit/0df4eb82a0e3ff844e373d7c9f9c6c813925e2ac * https://bugs.launchpad.net/bugs/1835896 * https://bugzilla.redhat.com/show_bug.cgi?id=1736255 * https://bugzilla.novell.com/show_bug.cgi?id=1141132
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2610743eedd16f2d34957ce027bd9c907481e6ff commit 2610743eedd16f2d34957ce027bd9c907481e6ff Author: John Helmert III <jchelmert3@posteo.net> AuthorDate: 2021-01-07 16:04:29 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-01-10 19:09:29 +0000 dev-db/freetds: security bump to 1.2.18 Drop dependencies which are in the system set, drop libressl support as the package is on its way out and it already seems to be broken on this package (bug 685086), drop static-libs use flag (no consumers). Bug: https://bugs.gentoo.org/718950 Closes: https://bugs.gentoo.org/685086 Closes: https://bugs.gentoo.org/747265 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: John Helmert III <jchelmert3@posteo.net> Signed-off-by: Sam James <sam@gentoo.org> dev-db/freetds/Manifest | 1 + .../freetds/files/freetds-1.2.18-xfail-tests.patch | 22 ++++++++ dev-db/freetds/freetds-1.2.18.ebuild | 60 ++++++++++++++++++++++ 3 files changed, 83 insertions(+)
amd64 done
x86 done
ppc done
arm done
arm64 done
sparc done
ppc64 done
s390 done all arches done
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d23495f13d9522710d3bbc856dcd8840ef1133f4 commit d23495f13d9522710d3bbc856dcd8840ef1133f4 Author: John Helmert III <jchelmert3@posteo.net> AuthorDate: 2021-01-24 19:52:13 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-01-24 20:30:58 +0000 dev-db/freetds: security cleanup (drop <1.2.18) Bug: https://bugs.gentoo.org/718950 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: John Helmert III <jchelmert3@posteo.net> Closes: https://github.com/gentoo/gentoo/pull/19198 Signed-off-by: Sam James <sam@gentoo.org> dev-db/freetds/Manifest | 1 - dev-db/freetds/freetds-1.00.558.ebuild | 73 ---------------------------------- 2 files changed, 74 deletions(-)
GLSA vote: no! Closing.