CVE-2018-10195 (https://bugzilla.redhat.com/show_bug.cgi?id=1572058): lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. Looks like Fedora (et al) has a patch: https://src.fedoraproject.org/cgit/rpms/lrzsz.git/tree/lrzsz-0.12.20.patch
Package list is empty or all packages have requested keywords.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9d72a7601ef530f753d2fa7d6ad7c0d3dddb1f93 commit 9d72a7601ef530f753d2fa7d6ad7c0d3dddb1f93 Author: Christopher Fore <csfore@posteo.net> AuthorDate: 2024-08-02 15:42:39 +0000 Commit: Viorel Munteanu <ceamac@gentoo.org> CommitDate: 2024-08-03 06:02:01 +0000 net-dialup/lrzsz: Fix information leak - Patch taken from Fedora (check patch file for link) - Seems to still be affected by https://bugs.gentoo.org/836585 - Tests pass otherwise ("All tests OK.") Bug: https://bugs.gentoo.org/797247 Signed-off-by: Christopher Fore <csfore@posteo.net> Closes: https://github.com/gentoo/gentoo/pull/37927 Signed-off-by: Viorel Munteanu <ceamac@gentoo.org> .../files/lrzsz-0.12.20-fix-integer-overflow.patch | 23 +++++++ net-dialup/lrzsz/lrzsz-0.12.20-r9.ebuild | 76 ++++++++++++++++++++++ 2 files changed, 99 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1dd578a88a4e22e3492df54928aec7683f11280 commit b1dd578a88a4e22e3492df54928aec7683f11280 Author: Viorel Munteanu <ceamac@gentoo.org> AuthorDate: 2024-08-14 04:46:27 +0000 Commit: Viorel Munteanu <ceamac@gentoo.org> CommitDate: 2024-08-14 04:46:27 +0000 net-dialup/lrzsz: drop 0.12.20-r8 Bug: https://bugs.gentoo.org/797247 Signed-off-by: Viorel Munteanu <ceamac@gentoo.org> net-dialup/lrzsz/lrzsz-0.12.20-r8.ebuild | 75 -------------------------------- 1 file changed, 75 deletions(-)