Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 724504 - dev-libs/uulib: Likely vulnerable to same as dev-perl/Convert-UUlib
Summary: dev-libs/uulib: Likely vulnerable to same as dev-perl/Convert-UUlib
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Auditing (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2020-05-21 20:52 UTC by Sam James
Modified: 2022-11-24 16:53 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-21 20:52:42 UTC
See e.g. bug 724494.

dev-libs/uulib has only 2 rdeps, it wouldn't be too much work to test with dev-perl/Convert-UUlib's fork, or see if we can backport the security fixes in the Perl version.

Note that the Perl module includes a fork, not a bundling (thanks kent\n).
Comment 1 Hanno Böck gentoo-dev 2022-11-24 16:53:35 UTC
The 2009 issue is this one:

It contains a hexdump of the proof of concept and does not crash uudeview, so I can only assume it's unaffected. I'll try to track down the PoC for the 2015 issue as well.