(https://nvd.nist.gov/vuln/detail/CVE-2019-7309): In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.

@maintainer(s): master branch for 2.27 was updated [ Mon Feb 4 08:55:52 2019 ], via 2ebadb6451eda1d518d70e26cf4ceeb0362e2456.

Gentoo Security Padawan (domhnall)
Fixed in 2.30
Unable to check for sanity: > dependent bug #712726 is missing keywords
Resetting sanity check; package list is empty or all packages are done.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cce133930b2d85cd8bed66715857ccf550048bbd

commit cce133930b2d85cd8bed66715857ccf550048bbd
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2020-05-04 18:35:42 +0000
Commit: Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2020-05-04 18:37:12 +0000

    package.mask: Update old glibc mask, now masking <2.30-r8

    Bug: https://bugs.gentoo.org/712726
    Bug: https://bugs.gentoo.org/677272
    Bug: https://bugs.gentoo.org/679044
    Bug: https://bugs.gentoo.org/711558
    Bug: https://bugs.gentoo.org/717938
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 profiles/package.mask | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Removed from tree, adding to GLSA
This issue was resolved and addressed in GLSA 202006-04 at https://security.gentoo.org/glsa/202006-04 by GLSA coordinator Aaron Bauman (b-man).