Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC
Bug 738984 (CVE-2020-14363) - <x11-libs/libX11-1.6.12: Double free in locale handling (CVE-2020-14363)
Summary: <x11-libs/libX11-1.6.12: Double free in locale handling (CVE-2020-14363)
Status: CONFIRMED
Alias: CVE-2020-14363
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://www.openwall.com/lists/oss-se...
Whiteboard: A2 [glsa+ cve cleanup]
Keywords:
Depends on:
Blocks: CVE-2020-14344
  Show dependency tree
 
Reported: 2020-08-25 16:48 UTC by Sam James
Modified: 2020-09-18 12:37 UTC (History)
1 user (show)

See Also:
Package list:
x11-libs/libX11-1.6.12
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James gentoo-dev Security 2020-08-25 16:48:45 UTC
* CVE-2020-14363

Description:
"There is an integer overflow and a double free vulnerability in the way
LibX11 handles locales. The integer overflow is a necessary precursor to
the double free."
Comment 1 Sam James gentoo-dev Security 2020-08-25 17:18:53 UTC
amd64 done
Comment 2 Sam James gentoo-dev Security 2020-08-25 17:30:20 UTC
arm64 stable
Comment 3 Sam James gentoo-dev Security 2020-08-25 19:40:18 UTC
arm done
Comment 4 Sam James gentoo-dev Security 2020-08-25 19:54:23 UTC
x86 done
Comment 5 Sam James gentoo-dev Security 2020-08-25 19:55:49 UTC
sparc done
Comment 6 Sam James gentoo-dev Security 2020-08-25 20:50:50 UTC
ppc64 done
Comment 7 Rolf Eike Beer 2020-08-26 18:36:12 UTC
hppa stable
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2020-08-27 23:57:25 UTC
This issue was resolved and addressed in
 GLSA 202008-18 at https://security.gentoo.org/glsa/202008-18
by GLSA coordinator Sam James (sam_c).
Comment 9 Sam James gentoo-dev Security 2020-08-27 23:58:04 UTC
Reopening for stable.
Comment 10 Sam James gentoo-dev Security 2020-08-29 13:13:27 UTC
ppc done
Comment 11 Agostino Sarubbo gentoo-dev 2020-09-18 08:12:02 UTC
s390 stable.

Maintainer(s), please cleanup.