(https://nvd.nist.gov/vuln/detail/CVE-2019-1010065):

The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack vector is: Victim must open a crafted HFS filesystem image.

upstream fix: https://github.com/sleuthkit/sleuthkit/commit/114cd3d0aac8bd1aeaf4b33840feb0163d342d5b

Gentoo Security Padawan (domhnall)
@maintainer(s), ping - please advise if ready for stabilisation or call yourself
Bug stabilization in linked bug 721154
@maintainer(s), please cleanup
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f51fa4ab5df227dd66c3979406ce194968ff329c

commit f51fa4ab5df227dd66c3979406ce194968ff329c
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2020-06-20 01:11:03 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-06-20 01:11:03 +0000

    app-forensics/sleuthkit: drop vulnerable

    Bug: https://bugs.gentoo.org/690194
    Bug: https://bugs.gentoo.org/711930
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 app-forensics/sleuthkit/Manifest | 7 -
 app-forensics/sleuthkit/sleuthkit-4.6.5.ebuild | 270 -----------------------
 app-forensics/sleuthkit/sleuthkit-4.6.6.ebuild | 270 -----------------------
 app-forensics/sleuthkit/sleuthkit-4.6.7.ebuild | 268 -----------------------
 app-forensics/sleuthkit/sleuthkit-4.7.0.ebuild | 289 ------------------------
 app-forensics/sleuthkit/sleuthkit-4.8.0.ebuild | 292 -------------------------
 6 files changed, 1396 deletions(-)