"The wcsnrtombs function in all musl libc versions up through 1.2.1 has
been found to have multiple bugs in handling of destination buffer
size when limiting the input character count, which can lead to
infinite loop with no forward progress (no overflow) or writing past
the end of the destination buffera.
This function is not used internally in musl and is not widely used,
but does appear in some applications. The non-input-limiting form
wcsrtombs is not affected.
All users of musl 1.2.1 and prior versions should apply the attached
patch, which replaces the overly complex and erroneous implementation.
The upcoming 1.2.2 release will adopt this new implementation."
Please apply the patch linked (in URL), thanks!
The bug has been referenced in the following commit(s):
Author: Sam James <firstname.lastname@example.org>
AuthorDate: 2020-11-24 14:59:52 +0000
Commit: Sam James <email@example.com>
CommitDate: 2020-11-24 14:59:59 +0000
sys-libs/musl: security bump for CVE-2020-28928
Acked-by: Anthony G. Basile <firstname.lastname@example.org>
Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Sam James <email@example.com>
.../musl/files/musl-1.2.1-CVE-2020-28928.patch | 114 ++++++++++++++++++
sys-libs/musl/musl-1.2.1-r1.ebuild | 133 +++++++++++++++++++++
2 files changed, 247 insertions(+)
Stabilisation is pending on blueness testing this out in production.
(In reply to Sam James from comment #4)
> Stabilisation is pending on blueness testing this out in production.
1.2.1-r1 stable on all arches
(In reply to Anthony Basile from comment #5)
> (In reply to Sam James from comment #4)
> > Stabilisation is pending on blueness testing this out in production.
> 1.2.1-r1 stable on all arches
Thanks! Please cleanup when ready.
Unable to check for sanity:
> no match for package: sys-libs/musl-1.2.1-r1
Tree is clean
Package list is empty or all packages have requested keywords.