CVE-2017-17833 (https://nvd.nist.gov/vuln/detail/CVE-2017-17833): OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
Upstream patch: https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/
*** Bug 659558 has been marked as a duplicate of this bug. ***
Maintainers, Red Hat has this fixed in openslp-2.0.0-7 Debian in 1.2.1-9 Please advise if this is fixed and in tree already.
It is not. I'm going to treeclean it.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a5266f0c7fd9cb7c9c8c6fad432a4bac21e8466 commit 0a5266f0c7fd9cb7c9c8c6fad432a4bac21e8466 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2019-10-05 07:41:18 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2019-10-05 07:41:28 +0000 package.mask: Last rite net-libs/openslp Bug: https://bugs.gentoo.org/662878 Signed-off-by: Michał Górny <mgorny@gentoo.org> profiles/base/package.use.mask | 6 ++++++ profiles/package.mask | 6 ++++++ 2 files changed, 12 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae1e24fcf7e40e90f37be07085a1743127d4f4cf commit ae1e24fcf7e40e90f37be07085a1743127d4f4cf Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2019-11-05 22:34:37 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2019-11-05 22:34:43 +0000 net-libs/openslp: Remove last-rited pkg Bug: https://bugs.gentoo.org/662878 Signed-off-by: Michał Górny <mgorny@gentoo.org> net-libs/openslp/Manifest | 2 - net-libs/openslp/files/openslp-1.2.1-cflags.patch | 11 - net-libs/openslp/files/openslp-1.2.1-fbsd.patch | 12 - .../openslp/files/openslp-1.2.1-fixoverflow.patch | 11 - .../files/openslp-2.0.0-CVE-2012-4428.patch | 51 -- .../files/openslp-2.0.0-CVE-2016-4912.patch | 15 - .../files/openslp-2.0.0-CVE-2016-7567.patch | 94 --- net-libs/openslp/files/openslp-2.0.0-cflags.patch | 25 - .../openslp/files/openslp-2.0.0-namespace.patch | 773 --------------------- net-libs/openslp/files/slpd-init | 88 --- net-libs/openslp/files/slpd.service | 10 - net-libs/openslp/metadata.xml | 11 - net-libs/openslp/openslp-1.2.1-r3.ebuild | 43 -- net-libs/openslp/openslp-2.0.0-r4.ebuild | 43 -- net-libs/openslp/openslp-2.0.0-r5.ebuild | 44 -- profiles/package.mask | 6 - 16 files changed, 1239 deletions(-)
https://security.gentoo.org/glsa/202005-12