750776 – dev-db/mysql-cluster: Memory corruption in bundled JS module (CVE-2020-8174)

Bug 750776 - dev-db/mysql-cluster: Memory corruption in bundled JS module (CVE-2020-8174)

Summary: dev-db/mysql-cluster: Memory corruption in bundled JS module (CVE-2020-8174)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	https://www.oracle.com/security-alert...
Whiteboard:	~4 [noglsa]
Keywords:	PMASKED

Depends on:	834113
Blocks:
	Show dependency tree

Reported:	2020-10-23 04:03 UTC by John Helmert III
Modified:	2022-04-13 14:39 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2020-10-23 04:03:24 UTC

Oracle's October 2020 Security Advisory states that mysql-cluster is vulnerable to CVE-2020-8174:

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

The advisory lists <7.3.30, <7.4.29, <7.6.15, and <8.0.21 as affected. Please bump.

Comment 1 Sam James archtester

2021-02-24 22:56:07 UTC

ping

Comment 2 NATTkA bot gentoo-dev

2021-07-29 17:25:39 UTC

Package list is empty or all packages have requested keywords.

Comment 3 Larry the Git Cow gentoo-dev

2022-03-11 14:44:30 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=efc70d2d8a5e6eb1d891faa922ebc513e422a896

commit efc70d2d8a5e6eb1d891faa922ebc513e422a896
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-03-11 14:43:53 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-11 14:44:17 +0000

    profiles: last-rite dev-db/mysql-cluster
    
    Bug: https://bugs.gentoo.org/834113
    Bug: https://bugs.gentoo.org/638856
    Bug: https://bugs.gentoo.org/675986
    Bug: https://bugs.gentoo.org/693564
    Bug: https://bugs.gentoo.org/741548
    Bug: https://bugs.gentoo.org/746710
    Bug: https://bugs.gentoo.org/750776
    Bug: https://bugs.gentoo.org/781281
    Bug: https://bugs.gentoo.org/801697
    Bug: https://bugs.gentoo.org/805521
    Bug: https://bugs.gentoo.org/819660
    Bug: https://bugs.gentoo.org/829342
    Bug: https://bugs.gentoo.org/831445
    Bug: https://bugs.gentoo.org/833523
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/package.mask | 6 ++++++
 1 file changed, 6 insertions(+)

Comment 4 Larry the Git Cow gentoo-dev

2022-04-13 05:55:12 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09e310df2857835d3298359785d695c5fb9d60ee

commit 09e310df2857835d3298359785d695c5fb9d60ee
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-04-13 05:51:21 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-04-13 05:54:57 +0000

    dev-db/mysql-cluster: treeclean
    
    Closes: https://bugs.gentoo.org/834113
    Closes: https://bugs.gentoo.org/829342
    Closes: https://bugs.gentoo.org/833523
    Closes: https://bugs.gentoo.org/693564
    Closes: https://bugs.gentoo.org/741548
    Closes: https://bugs.gentoo.org/746710
    Closes: https://bugs.gentoo.org/781281
    Closes: https://bugs.gentoo.org/638856
    Closes: https://bugs.gentoo.org/675986
    Closes: https://bugs.gentoo.org/831445
    Closes: https://bugs.gentoo.org/750776
    Closes: https://bugs.gentoo.org/801697
    Closes: https://bugs.gentoo.org/805521
    Bug: https://bugs.gentoo.org/819660
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/mysql-cluster/Manifest                    |   2 -
 dev-db/mysql-cluster/files/my.cnf-5.6            | 139 ----
 dev-db/mysql-cluster/metadata.xml                |  19 -
 dev-db/mysql-cluster/mysql-cluster-7.4.21.ebuild | 811 -----------------------
 4 files changed, 971 deletions(-)

Comment 5 Sam James archtester

2022-04-13 05:56:10 UTC

Removed.