From ${URL} :

The following commit fixes a memory corruption bug that I reported in OpenSLP:

https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/

Below are the details of the issue:

    static int SLPFoldWhiteSpace(size_t len, char * str)
    {
       char * p = str, * ep = str + len;
       while (p < ep)
       {
          if (isspace(*p))
          {
             char * ws2p = ++p;
             while (isspace(*p))
                p++;
             len -= p - ws2p;
             memmove(ws2p, p, ep - p);

The outer while loop checks for p < ep, but lack of bound check in inner while loop could result in p > ep. This will result in passing a very large 'size_t len' (ep - p) parameter for memmove().

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
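The arithmetic described in the report above, next to a bounded version of the fold, as an added example (not the upstream commit and not the Gentoo patch). The function names and the sample buffer are constructed for illustration; the sample buffer is deliberately larger than the declared length so the overscan stays inside allocated memory.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Replays the report's pointer arithmetic without writing anything. buf must
 * be NUL-terminated and larger than len so the overscan stays in bounds.
 * Returns the value the unbounded loop would hand to memmove() as its size. */
size_t unbounded_memmove_len(size_t len, const char *buf)
{
    const char *p = buf, *ep = buf + len;
    while (p < ep && !isspace((unsigned char)*p))
        p++;
    if (p == ep)
        return 0;                          /* no whitespace inside len */
    p++;                                   /* ws2p = ++p */
    while (isspace((unsigned char)*p))     /* inner scan, no p < ep check */
        p++;
    return (size_t)(ep - p);               /* negative difference wraps */
}

/* Hardened fold: every scan is bounded by ep, and ep shrinks with the data. */
size_t fold_ws_bounded(size_t len, char *str)
{
    char *p = str, *ep = str + len;
    while (p < ep) {
        if (!isspace((unsigned char)*p)) {
            p++;
            continue;
        }
        char *ws2p = ++p;                  /* keep the first whitespace char */
        while (p < ep && isspace((unsigned char)*p))
            p++;
        memmove(ws2p, p, (size_t)(ep - p)); /* ep - p >= 0 is now guaranteed */
        ep -= p - ws2p;                    /* tail moved left by the extra ws */
        p = ws2p;
    }
    return (size_t)(ep - str);
}

int main(void)
{
    char field[] = "ab    cd";             /* constructed: ws runs past len 4 */
    printf("unbounded memmove len: %zu\n", unbounded_memmove_len(4, field));
    printf("bounded fold length:   %zu\n", fold_ws_bounded(4, field));
    return 0;
}
```

With the declared length 4, the unbounded scan stops two bytes past ep, so the memmove() size becomes (size_t)-2; the bounded version stops at ep and moves zero bytes.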
commit d9daa618c8a85908978180048f86c08c7a4dc85d
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
Date:   Sun Feb 19 17:48:34 2017 +0100

    net-libs/openslp: Add patch for CVE-2016-7567, bug 595542

    Package-Manager: Portage-2.3.3, Repoman-2.3.1

 net-libs/openslp/files/openslp-2.0.0-CVE-2016-7567.patch | 94 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 net-libs/openslp/openslp-2.0.0-r4.ebuild | 44 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 138 insertions(+)
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.
Arches please stabilize net-libs/openslp-2.0.0-r4
amd64 stable
Stable for HPPA.
x86 stable
arm stable
sparc stable
Stable on alpha.
ppc ppc64 stable.
New GLSA Request filed.

ia64 is not a security supported arch, proceeding with the rest of the process.

ia64 please finish stabilization or drop from stable.
ia64 stable. Last arch is done.
@ Maintainer(s): Please cleanup and drop <net-libs/openslp-2.0.0-r4!
Cleanup done. Nothing to do for printing here anymore.
This issue was resolved and addressed in GLSA 201707-05 at https://security.gentoo.org/glsa/201707-05 by GLSA coordinator Thomas Deutschmann (whissi).