Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 409117 (CVE-2012-1162) - <dev-libs/libzip-0.10.1 information leak and heap overflow (CVE-2012-{1162,1163})
Summary: <dev-libs/libzip-0.10.1 information leak and heap overflow (CVE-2012-{1162,11...
Status: RESOLVED FIXED
Alias: CVE-2012-1162
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-03-21 09:40 UTC by Hanno Böck
Modified: 2012-03-29 11:44 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2012-03-21 09:40:16 UTC
See
http://www.nih.at/libzip/NEWS.html
Comment 1 Johannes Huber gentoo-dev 2012-03-21 11:29:36 UTC
=dev-libs/libzip-0.10.1 is now in tree.

+  21 Mar 2012; Johannes Huber <johu@gentoo.org> +libzip-0.10.1.ebuild:
+  Version bump. Upstream security bug fix release. Fixes CVE-2012-1162,
+  CVE-2012-1163. Bug #409117.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2012-03-22 13:49:41 UTC
Thanks, much.

Arches, please test and mark stable:
=dev-libs/libzip-0.10.1
Target keywords : "amd64 hppa ppc ppc64 x86"
Comment 3 Agostino Sarubbo gentoo-dev 2012-03-23 10:30:10 UTC
amd64 stable
Comment 4 Jeroen Roovers gentoo-dev 2012-03-23 14:38:58 UTC
Stable for HPPA.
Comment 5 Brent Baude (RETIRED) gentoo-dev 2012-03-25 14:16:19 UTC
ppc done
Comment 6 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-03-27 15:01:29 UTC
x86 stable
Comment 7 Brent Baude (RETIRED) gentoo-dev 2012-03-28 20:10:57 UTC
ppc64 done
Comment 8 Sean Amoss gentoo-dev Security 2012-03-28 20:13:33 UTC
Thanks, everyone. 

Already on existing GLSA request which is ready for review.
Comment 9 Johannes Huber gentoo-dev 2012-03-28 20:19:53 UTC
Thanks all. Affected version removed from tree. Remove kde from cc.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2012-03-29 11:44:11 UTC
This issue was resolved and addressed in
 GLSA 201203-23 at http://security.gentoo.org/glsa/glsa-201203-23.xml
by GLSA coordinator Sean Amoss (ackle).