From ${URL} :

unixODBC before version 2.3.5 is vulnerable to a buffer overflow in the DriverManager/__info.c:unicode_to_ansi_copy() method. An attacker could exploit this to cause a denial of service or other unspecified impact.

Upstream Release:
https://sourceforge.net/projects/unixodbc/files/unixODBC/2.3.5/

Upstream Revision:
https://sourceforge.net/p/unixodbc/code/136/#diff-12

@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
ia64 stable
amd64 stable
We may want to do another revbump here:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7485
https://github.com/gentoo/gentoo/pull/7300
hppa stable
(In reply to Andreas Sturmlechner from comment #3)
> We may want to do another revbump here:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7485
>
> https://github.com/gentoo/gentoo/pull/7300

CVE-2018-7485 has been fixed in dev-db/unixODBC-2.3.5-r1:
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af28844cc92f8edd1fcd049e357d169a3dddc176

(Re-adding architectures which already stabilized dev-db/unixODBC-2.3.5.)
x86 stable
Stable on alpha.
arm stable
ppc/ppc64 stable
GLSA Vote: No
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39c422a7e8f89eae65e536fd255a5648ae2f09e9

commit 39c422a7e8f89eae65e536fd255a5648ae2f09e9
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-22 21:04:13 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-22 21:04:26 +0000

    dev-db/unixODBC: drop vulnerable

    Bug: https://bugs.gentoo.org/648806
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 dev-db/unixODBC/unixODBC-2.3.5.ebuild | 61 -----------------------------------
 1 file changed, 61 deletions(-)