1) CVE-2020-10232 Description: "In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c." Patch: https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1 2) CVE-2020-10233 Description: "In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c." Bug: https://github.com/sleuthkit/sleuthkit/issues/1829 Patch (PR): https://github.com/sleuthkit/sleuthkit/pull/1837
@maintainer(s), please create an appropriate ebuild
@maintainer(s): ping
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=811a39b416b02091e788a3788c6b3bad1396e4fb commit 811a39b416b02091e788a3788c6b3bad1396e4fb Author: Göktürk Yüksek <gokturk@gentoo.org> AuthorDate: 2020-05-06 00:01:59 +0000 Commit: Göktürk Yüksek <gokturk@gentoo.org> CommitDate: 2020-05-06 00:06:57 +0000 app-forensics/sleuthkit: bump to 4.9.0 Bug: https://bugs.gentoo.org/711930 Package-Manager: Portage-2.3.69, Repoman-2.3.14 Signed-off-by: Göktürk Yüksek <gokturk@gentoo.org> app-forensics/sleuthkit/Manifest | 2 + app-forensics/sleuthkit/sleuthkit-4.9.0.ebuild | 298 +++++++++++++++++++++++++ 2 files changed, 300 insertions(+)
CVE-2019-14532 (https://nvd.nist.gov/vuln/detail/CVE-2019-14532): An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table. CVE-2019-14531 (https://nvd.nist.gov/vuln/detail/CVE-2019-14531): An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c.
@maintainer(s), please cleanup
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f51fa4ab5df227dd66c3979406ce194968ff329c commit f51fa4ab5df227dd66c3979406ce194968ff329c Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2020-06-20 01:11:03 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2020-06-20 01:11:03 +0000 app-forensics/sleuthkit: drop vulnerable Bug: https://bugs.gentoo.org/690194 Bug: https://bugs.gentoo.org/711930 Signed-off-by: Aaron Bauman <bman@gentoo.org> app-forensics/sleuthkit/Manifest | 7 - app-forensics/sleuthkit/sleuthkit-4.6.5.ebuild | 270 ----------------------- app-forensics/sleuthkit/sleuthkit-4.6.6.ebuild | 270 ----------------------- app-forensics/sleuthkit/sleuthkit-4.6.7.ebuild | 268 ----------------------- app-forensics/sleuthkit/sleuthkit-4.7.0.ebuild | 289 ------------------------ app-forensics/sleuthkit/sleuthkit-4.8.0.ebuild | 292 ------------------------- 6 files changed, 1396 deletions(-)