Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#44017 - [grep] CVE-2015-1345: heap buffer out-of-bounds read / denial of service
Attached to Project:
Arch Linux
Opened by Levente Polyak (anthraxx) - Monday, 02 March 2015, 14:51 GMT
Last edited by Sébastien Luttringer (seblu) - Monday, 02 March 2015, 21:56 GMT
Details

It has been reported [0] that grep <= 2.21 is suffering from a heap buffer out-of-bounds read which results in a crash (denial of service).
This issue is tracked as CVE-2015-1345 [1] and an upstream patch [2] is available. I have attached a fixed PKGBUILD for convenience.

[0] http://seclists.org/oss-sec/2015/q1/179
[1] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1345
[2] http://git.savannah.gnu.org/cgit/grep.git/commit/?id=83a95bd8c8561875b948cadd417c653dbe7ef2e2
Closed by Sébastien Luttringer (seblu)
Monday, 02 March 2015, 21:56 GMT
Reason for closing: Fixed
Additional comments about closing: grep-2.21-2
Comment by Sébastien Luttringer (seblu) - Monday, 02 March 2015, 21:55 GMT
I didn't use the provided patch because it doesn't build in a clean chroot. automake was missing, or a lighter patch without touching makefiles does the job.
grep-PKGBUILD-CVE-2015-1345.p...