Bug 718950 (CVE-2019-13508) - <dev-db/freetds-1.2.18: Buffer overflow (CVE-2019-13508)
Summary: <dev-db/freetds-1.2.18: Buffer overflow (CVE-2019-13508)
Status: RESOLVED FIXED
Alias: CVE-2019-13508
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-23 01:52 UTC by Sam James
Modified: 2021-01-25 23:38 UTC

See Also:
Package list:
Runtime testing required: ---


Description Sam James archtester gentoo-dev Security 2020-04-23 01:52:46 UTC
Description:
"FreeTDS through 1.1.11 has a Buffer Overflow."

----
From Debian's security tracker:
* [stretch] - freetds <not-affected> (Vulnerable code introduced in 0.95 upstream)
* [jessie] - freetds <not-affected> (Vulnerable code introduced in 0.95 upstream)
* https://github.com/FreeTDS/freetds/commit/0df4eb82a0e3ff844e373d7c9f9c6c813925e2ac
* https://bugs.launchpad.net/bugs/1835896
* https://bugzilla.redhat.com/show_bug.cgi?id=1736255
* https://bugzilla.novell.com/show_bug.cgi?id=1141132
Comment 1 Larry the Git Cow gentoo-dev 2021-01-10 19:13:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2610743eedd16f2d34957ce027bd9c907481e6ff

commit 2610743eedd16f2d34957ce027bd9c907481e6ff
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2021-01-07 16:04:29 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-01-10 19:09:29 +0000

    dev-db/freetds: security bump to 1.2.18
    
    Drop dependencies which are in the system set, drop libressl support as
    the package is on its way out and it already seems to be broken on this
    package (bug 685086), drop static-libs use flag (no consumers).
    
    Bug: https://bugs.gentoo.org/718950
    Closes: https://bugs.gentoo.org/685086
    Closes: https://bugs.gentoo.org/747265
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/freetds/Manifest                            |  1 +
 .../freetds/files/freetds-1.2.18-xfail-tests.patch | 22 ++++++++
 dev-db/freetds/freetds-1.2.18.ebuild               | 60 ++++++++++++++++++++++
 3 files changed, 83 insertions(+)
Comment 2 Sam James archtester gentoo-dev Security 2021-01-20 00:03:05 UTC
amd64 done
Comment 3 Sam James archtester gentoo-dev Security 2021-01-20 00:03:34 UTC
x86 done
Comment 4 Sam James archtester gentoo-dev Security 2021-01-20 00:04:16 UTC
ppc done
Comment 5 Sam James archtester gentoo-dev Security 2021-01-20 00:05:15 UTC
arm done
Comment 6 Sam James archtester gentoo-dev Security 2021-01-20 00:05:45 UTC
arm64 done
Comment 7 Sam James archtester gentoo-dev Security 2021-01-20 00:06:39 UTC
sparc done
Comment 8 Sam James archtester gentoo-dev Security 2021-01-20 09:30:20 UTC
ppc64 done
Comment 9 Sam James archtester gentoo-dev Security 2021-01-24 13:30:41 UTC
s390 done

all arches done
Comment 10 Larry the Git Cow gentoo-dev 2021-01-24 20:31:03 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d23495f13d9522710d3bbc856dcd8840ef1133f4

commit d23495f13d9522710d3bbc856dcd8840ef1133f4
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2021-01-24 19:52:13 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-01-24 20:30:58 +0000

    dev-db/freetds: security cleanup (drop <1.2.18)
    
    Bug: https://bugs.gentoo.org/718950
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/19198
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/freetds/Manifest                |  1 -
 dev-db/freetds/freetds-1.00.558.ebuild | 73 ----------------------------------
 2 files changed, 74 deletions(-)
Comment 11 Sam James archtester gentoo-dev Security 2021-01-25 23:38:38 UTC
GLSA vote: no!

Closing.