From change log (ftp://ftp.tin.org/pub/news/clients/tin/stable/CHANGES) for 2.4.3: BUG. possible buffer overflow when prompting for a wildcard search pattern in get_search_pattern() BUG. possible buffer overflows with long translations BUG. pointer arithmetic with possible NULL pointer
This needs a bump to 2.4.4 ideally (latest version). Noticed when prodding at bug 724504.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0b9b10345bbd1d162bfb3d8a2430b60d3341666 commit e0b9b10345bbd1d162bfb3d8a2430b60d3341666 Author: John Helmert III <jchelmert3@posteo.net> AuthorDate: 2021-01-23 05:24:05 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-01-24 01:48:02 +0000 net-nntp/tin: security bump to 2.4.5 Bump to EAPI 7, formatting fixes. Bug: https://bugs.gentoo.org/724510 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: John Helmert III <jchelmert3@posteo.net> Closes: https://github.com/gentoo/gentoo/pull/19166 Signed-off-by: Sam James <sam@gentoo.org> net-nntp/tin/Manifest | 1 + net-nntp/tin/tin-2.4.5.ebuild | 73 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+)
arm done
amd64 done
ppc done
x86 done all arches done
Please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56f43fc3fec4f9f6916d4ae11487299b9cbe96c2 commit 56f43fc3fec4f9f6916d4ae11487299b9cbe96c2 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2021-02-22 03:22:56 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2021-02-22 03:24:00 +0000 net-nntp/tin: security cleanup (drop <2.4.5) Bug: https://bugs.gentoo.org/724510 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: John Helmert III <ajak@gentoo.org> net-nntp/tin/Manifest | 1 - net-nntp/tin/tin-2.4.2.ebuild | 77 ------------------------------------------- 2 files changed, 78 deletions(-)
Nothing to report for us. Repository is clean, all done!