Bug 766009 - <dev-python/python-levenshtein-0.12.1: Possible remote code execution
Summary: <dev-python/python-levenshtein-0.12.1: Possible remote code execution
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-01-18 15:33 UTC by Sam James
Modified: 2021-03-04 05:05 UTC

See Also:
Package list:
dev-python/python-levenshtein-0.12.1
Runtime testing required: ---
nattka: sanity-check+


Description Sam James archtester gentoo-dev Security 2021-01-18 15:33:16 UTC
"0.12.1
------

* Fixed handling of numerous possible wraparounds in calculating the size
  of memory allocations; incorrect handling of which could cause denial
  of service or even possible remote code execution in previous versions
  of the library."
Comment 1 Larry the Git Cow gentoo-dev 2021-01-18 15:34:41 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c856599b527a6710e1a47d36719604d7b38554e8

commit c856599b527a6710e1a47d36719604d7b38554e8
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-01-18 15:34:25 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-01-18 15:34:31 +0000

    dev-python/python-levenshtein: (security) bump to 0.12.1
    
    Bug: https://bugs.gentoo.org/766009
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-python/python-levenshtein/Manifest             |  1 +
 .../python-levenshtein-0.12.1.ebuild               | 24 ++++++++++++++++++++++
 2 files changed, 25 insertions(+)
Comment 2 Agostino Sarubbo gentoo-dev 2021-01-22 16:54:45 UTC
amd64 stable
Comment 3 Sam James archtester gentoo-dev Security 2021-01-22 18:43:10 UTC
arm64 done
Comment 4 Agostino Sarubbo gentoo-dev 2021-01-24 12:12:00 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.