Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 776772 (CVE-2021-29376) - <net-irc/ircii-20210314: Multiple vulnerabilities
Summary: <net-irc/ircii-20210314: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2021-29376
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa?]
Keywords:
: 777978 (view as bug list)
Depends on:
Blocks:
 
Reported: 2021-03-16 22:38 UTC by Sam James
Modified: 2021-07-29 18:12 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-16 22:38:09 UTC
From the NEWS:

Changes in ircII 20210314:

  o  fix two memory leaks, one from michael ortmann <ortmann@posteo.de>.
  o  removed support for non-host getaddrinfo(), getnameinfo(),
     inet_pton(), inet_ntop(), and snprintf().
  o  fixes for various issues by michael ortmann <ortmann@posteo.de>.

Changes in ircII 20210225:

  o  new --with-sanitizer=<asan|ubsan|lsan> configure support
  o  many fixes for fuzzer and sanitizer found issues
  o  the $IRCSERVERS variable no longer triggers some library asserts 
  o  avoid displaying negative hours/minutes
  o  fix a potential messages goes to wrong window issue in numerics

And ChangeLog has more details involving e.g. CTCP (http://ircii.warped.com/ircii-current/ircii/ChangeLog).
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-16 22:38:24 UTC
Tell us when ready to stable.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-03-24 13:04:06 UTC
*** Bug 777978 has been marked as a duplicate of this bug. ***
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 05:44:47 UTC
Shall we?
Comment 4 Ben Kohler gentoo-dev 2021-03-28 11:20:26 UTC
Sure go ahead with stabilization
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 11:23:50 UTC
(In reply to Ben Kohler from comment #4)
> Sure go ahead with stabilization

Thanks!
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 12:15:30 UTC
x86 done
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 12:16:13 UTC
amd64 done

all arches done
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 14:52:12 UTC
Please cleanup.
Comment 9 Larry the Git Cow gentoo-dev 2021-03-28 15:15:52 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=70ca7084ab9d6c1054d56d2af18927615ea73d99

commit 70ca7084ab9d6c1054d56d2af18927615ea73d99
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2021-03-28 15:15:39 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2021-03-28 15:15:39 +0000

    net-irc/ircii: drop old
    
    Bug: https://bugs.gentoo.org/776772
    Package-Manager: Portage-3.0.17, Repoman-3.0.2
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-irc/ircii/Manifest              |  1 -
 net-irc/ircii/ircii-20190117.ebuild | 36 ------------------------------------
 2 files changed, 37 deletions(-)
Comment 10 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-03-28 15:49:55 UTC
Thanks!
Comment 11 NATTkA bot gentoo-dev 2021-07-29 17:23:40 UTC Comment hidden (obsolete)
Comment 12 NATTkA bot gentoo-dev 2021-07-29 17:32:04 UTC Comment hidden (obsolete)
Comment 13 NATTkA bot gentoo-dev 2021-07-29 17:39:57 UTC Comment hidden (obsolete)
Comment 14 NATTkA bot gentoo-dev 2021-07-29 17:48:08 UTC Comment hidden (obsolete)
Comment 15 NATTkA bot gentoo-dev 2021-07-29 18:04:05 UTC Comment hidden (obsolete)
Comment 16 NATTkA bot gentoo-dev 2021-07-29 18:12:22 UTC
Package list is empty or all packages have requested keywords.