Bug 569518 (CVE-2015-8659) - <net-libs/nghttp2-1.6.0: Heap-use-after-free (CVE-2015-8659)
Summary: <net-libs/nghttp2-1.6.0: Heap-use-after-free (CVE-2015-8659)
Alias: CVE-2015-8659
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B3 [glsa cve]
Reported: 2015-12-23 16:50 UTC by Hanno Böck
Modified: 2016-12-04 11:00 UTC
Description Hanno Böck gentoo-dev 2015-12-23 16:50:31 UTC
nghttp2 1.6.0 fixes a use after free bug:

The upstream changelog isn't very specific about security implications, but use after free in network facing code is usually pretty serious.
Comment 1 SpanKY gentoo-dev 2015-12-23 17:11:16 UTC
1.6.0 is already in the tree
Comment 2 Agostino Sarubbo gentoo-dev 2015-12-23 19:23:10 UTC
Is it ready to go to stable?
Comment 3 SpanKY gentoo-dev 2015-12-23 19:48:08 UTC
probably.  no one has complained thus far.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2015-12-24 00:27:58 UTC
Arches, please test and mark stable:


Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

Thank you!
Comment 5 Agostino Sarubbo gentoo-dev 2015-12-24 20:12:07 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2015-12-25 18:22:04 UTC
x86 stable
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2015-12-26 09:58:07 UTC
Stable for HPPA PPC64.
Comment 8 Agostino Sarubbo gentoo-dev 2015-12-26 10:56:48 UTC
ppc stable
Comment 9 Agostino Sarubbo gentoo-dev 2016-01-09 07:12:00 UTC
sparc stable
Comment 10 Agostino Sarubbo gentoo-dev 2016-01-10 10:42:43 UTC
alpha stable
Comment 11 Agostino Sarubbo gentoo-dev 2016-01-11 09:08:45 UTC
ia64 stable
Comment 12 SpanKY gentoo-dev 2016-02-03 18:52:09 UTC
all arches done now
Comment 13 Yury German Gentoo Infrastructure gentoo-dev 2016-02-25 07:10:35 UTC
Arches and Maintainer(s), Thank you for your work.

New GLSA Request filed.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2016-12-04 11:00:57 UTC
This issue was resolved and addressed in
 GLSA 201612-06 at
by GLSA coordinator Aaron Bauman (b-man).