Bug 620926 (CVE-2017-9434) - <dev-libs/crypto++-5.6.5-r1: Out-of-bounds read in zinflate (CVE-2017-9434)
Summary: <dev-libs/crypto++-5.6.5-r1: Out-of-bounds read in zinflate (CVE-2017-9434)
Status: RESOLVED FIXED
Alias: CVE-2017-9434
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-05 15:06 UTC by Agostino Sarubbo
Modified: 2017-10-20 02:35 UTC

See Also:
Package list:
=dev-libs/crypto++-5.6.5-r1 alpha amd64 arm64 hppa ppc ppc64 sparc x86
Runtime testing required: ---
stable-bot: sanity-check+


Description Agostino Sarubbo gentoo-dev 2017-06-05 15:06:18 UTC
From ${URL} :

Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter.

Upstream issue:

https://github.com/weidai11/cryptopp/issues/414

Upstream patch:

https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Alon Bar-Lev (RETIRED) gentoo-dev 2017-06-05 17:31:30 UTC
> @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Thanks! We can stabilize.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-05 18:22:54 UTC
@ Arches,

please test and mark stable: =dev-libs/crypto++-5.6.5-r1
Comment 3 Agostino Sarubbo gentoo-dev 2017-06-06 11:31:43 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2017-06-09 10:22:04 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2017-06-10 13:49:00 UTC
sparc stable
Comment 6 Agostino Sarubbo gentoo-dev 2017-06-13 12:35:00 UTC
ppc64 stable
Comment 7 Tobias Klausmann (RETIRED) gentoo-dev 2017-06-20 14:58:54 UTC
Stable on alpha.
Comment 8 Agostino Sarubbo gentoo-dev 2017-06-21 12:02:55 UTC
ppc stable
Comment 9 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-08-16 15:03:48 UTC
Arches, please finish stabilizing hppa

Gentoo Security Padawan
ChrisADR
Comment 10 Alexis Ballier gentoo-dev 2017-09-02 11:55:10 UTC
arm64 done
Comment 11 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-30 06:35:41 UTC
hppa stable