Bug 648806 (CVE-2018-7409, CVE-2018-7485) - <dev-db/unixODBC-2.3.5-r1: Multiple vulnerabilities
Summary: <dev-db/unixODBC-2.3.5-r1: Multiple vulnerabilities
Alias: CVE-2018-7409, CVE-2018-7485
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Depends on:
Reported: 2018-02-26 09:29 UTC by Agostino Sarubbo
Modified: 2018-04-22 21:05 UTC

See Also:
Package list:
Runtime testing required: ---
stable-bot: sanity-check+


Description Agostino Sarubbo gentoo-dev 2018-02-26 09:29:27 UTC
From ${URL} :

unixODBC before version 2.3.5 is vulnerable to a buffer overflow in the DriverManager/__info.c:unicode_to_ansi_copy() method. An attacker could exploit this to cause a denial of service or other unspecified impact.

Upstream Release:

Upstream Revision:

@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
Comment 1 Sergei Trofimovich (RETIRED) gentoo-dev 2018-02-26 22:23:00 UTC
ia64 stable
Comment 2 Jason Zaman gentoo-dev 2018-02-27 13:43:52 UTC
amd64 stable
Comment 3 Andreas Sturmlechner gentoo-dev 2018-02-27 16:30:50 UTC
We may want to do another revbump here:
Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev 2018-02-27 21:57:20 UTC
hppa stable
Comment 5 Arfrever Frehtes Taifersar Arahesis 2018-02-28 01:44:03 UTC
(In reply to Andreas Sturmlechner from comment #3)
> We may want to do another revbump here:

CVE-2018-7485 has been fixed in dev-db/unixODBC-2.3.5-r1:

(Re-adding architectures which already stabilized dev-db/unixODBC-2.3.5.)
Comment 6 Agostino Sarubbo gentoo-dev 2018-02-28 09:10:27 UTC
amd64 stable
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2018-02-28 21:49:53 UTC
ia64 stable
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2018-03-04 06:55:03 UTC
x86 stable
Comment 9 Tobias Klausmann (RETIRED) gentoo-dev 2018-03-05 17:15:06 UTC
Stable on alpha.
Comment 10 Markus Meier gentoo-dev 2018-03-13 17:53:40 UTC
arm stable
Comment 11 Matt Turner gentoo-dev 2018-03-17 23:10:29 UTC
ppc/ppc64 stable
Comment 12 Matt Turner gentoo-dev 2018-04-22 19:18:07 UTC
hppa stable
Comment 13 Aaron Bauman (RETIRED) gentoo-dev 2018-04-22 21:03:47 UTC
GLSA Vote: No
Comment 14 Larry the Git Cow gentoo-dev 2018-04-22 21:04:36 UTC
The bug has been referenced in the following commit(s):

commit 39c422a7e8f89eae65e536fd255a5648ae2f09e9
Author:     Aaron Bauman <>
AuthorDate: 2018-04-22 21:04:13 +0000
Commit:     Aaron Bauman <>
CommitDate: 2018-04-22 21:04:26 +0000

    dev-db/unixODBC: drop vulnerable
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 dev-db/unixODBC/unixODBC-2.3.5.ebuild | 61 -----------------------------------
 1 file changed, 61 deletions(-)