Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 724618 - app-text/uudeview: Likely vulnerable to same as dev-perl/Convert-UUlib
Summary: app-text/uudeview: Likely vulnerable to same as dev-perl/Convert-UUlib
Status: RESOLVED NEEDINFO
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Auditing (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-05-23 08:06 UTC by Kent Fredric (IRC: kent\n) (RETIRED)
Modified: 2022-12-24 08:09 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kent Fredric (IRC: kent\n) (RETIRED) gentoo-dev 2020-05-23 08:06:27 UTC 
This has the exact same sources as dev-libs/uulib as per bug #724504, which are likely to be vulnerable as in bug #724494
Comment 1 Hanno Böck gentoo-dev 2022-11-26 17:56:28 UTC 
I am not sure we're actually affected here.
The 2019 PoC can be found here:
https://bugzilla.redhat.com/show_bug.cgi?id=1711098
It does not trigger any issues in uudeview.

For the 2015 one I have not found a reference.
Comment 2 Hanno Böck gentoo-dev 2022-11-30 09:45:56 UTC 
2015 issue: https://rt.cpan.org/Public/Bug/Display.html?id=100960

Have to see how I can check reliably whether uudeview is vulnerable.
Comment 3 Hanno Böck gentoo-dev 2022-12-23 14:46:29 UTC 
Having checked these inputs and also done some fuzzing on uudeview I am reasonably confident that it is not vulnerable to any of these.

Therefore closing. Please re-open if you can reproduce these issues with any input on uudeview.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-12-24 08:09:57 UTC 
(In reply to Hanno Böck from comment #3)
> Having checked these inputs and also done some fuzzing on uudeview I am
> reasonably confident that it is not vulnerable to any of these.
> 
> Therefore closing. Please re-open if you can reproduce these issues with any
> input on uudeview.

Thanks hanno!