1.6 Thu Oct 24 17:11:54 CEST 2019 - fix heap overflow (testcase by Noel Duffy, reported by Robert Scheck). The defense-in-depth mechanism based on mmap should make this unexploitable for other than denial of service, on systems supporting mmap/mprotect. 1.5 Sat Jul 11 03:56:06 CEST 2015 - fix a heap overflow (testcase by Krzysztof Wojtaś). - on systems that support it (posix + mmap + map_anonymous), allocate all dynamic areas via mmap and put four guard pages around them, to catch similar heap overflows safely in the future. - find a safer way to pass in CC/CFLAGS to uulib. - added stability canary support.
@maintianer(s), let us know when ready for stabilisation.
How're we looking? :)
arm stable
ppc stable
ppc64 stable
sparc stable
x86 stable
amd64 stable
hppa stable
@maintainer(s), please cleanup
ping
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f86bf1c11c58fa8e4f08f59512960dcaafe626a5 commit f86bf1c11c58fa8e4f08f59512960dcaafe626a5 Author: Kent Fredric <kentnl@gentoo.org> AuthorDate: 2020-06-20 03:09:36 +0000 Commit: Kent Fredric <kentnl@gentoo.org> CommitDate: 2020-06-20 03:09:58 +0000 dev-perl/Convert-UUlib: Cleanup old 1.{4,5}00.0-r1 re bug #724494 Removing versions affected by heap overflow issues Bug: https://bugs.gentoo.org/724494 Closes: https://bugs.gentoo.org/723216 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Signed-off-by: Kent Fredric <kentnl@gentoo.org> .../Convert-UUlib/Convert-UUlib-1.400.0-r1.ebuild | 17 ---------- .../Convert-UUlib/Convert-UUlib-1.500.0-r1.ebuild | 35 -------------------- dev-perl/Convert-UUlib/Manifest | 2 -- .../files/Convert-UUlib-1.500.0-unbundle.patch | 37 ---------------------- dev-perl/Convert-UUlib/metadata.xml | 3 -- 5 files changed, 94 deletions(-)
Thanks!
GLSA vote: no. Thanks, closing!