Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#57166 - [bchunk] [Security] denial of service (CVE-2017-15955 CVE-2017-15954 CVE-2017-15953)
Attached to Project:
Community Packages
Opened by Tyler Bennett (arch3y) - Friday, 19 January 2018, 21:57 GMT
Last edited by Levente Polyak (anthraxx) - Saturday, 20 January 2018, 12:10 GMT
Details

Summary
=======
The package bchunk is vulnerable to denial of service via CVE-2017-15955, CVE-2017-15954 and CVE-2017-15953.

Guidance
========
It appears if these patches are applied,
https://github.com/NixOS/nixpkgs/blob/7d04f9f8fdf22071f422ba8563d47b9ca04c518c/pkgs/tools/cd-dvd/bchunk/CVE-2017-15953.patch
https://github.com/NixOS/nixpkgs/blob/7d04f9f8fdf22071f422ba8563d47b9ca04c518c/pkgs/tools/cd-dvd/bchunk/CVE-2017-15955.patch

It also appears this version has all of the patches applied to fix the issues:
https://github.com/hessu/bchunk/releases

References
==========
https://security.archlinux.org/AVG-475
https://github.com/extramaster/bchunk/issues/4
https://github.com/extramaster/bchunk/issues/3
https://github.com/extramaster/bchunk/issues/2
Closed by Levente Polyak (anthraxx)
Saturday, 20 January 2018, 12:10 GMT
Reason for closing: Fixed
Additional comments about closing: already fixed in 1.2.2