FS#75447 - [libtirpc] [security] CVE-2021-46828
Attached to Project:
Arch Linux
Opened by T.J. Townsend (blakkheim) - Thursday, 28 July 2022, 17:14 GMT
Last edited by Andreas Radke (AndyRTR) - Monday, 08 August 2022, 19:29 GMT
Details
Description:
The libtirpc package is vulnerable to CVE-2021-46828, a DoS bug fixed upstream. The attached diff pulls in the commit to fix it and also switches from sha1sums to sha256sums.
Additional info: https://git.linux-nfs.org/?p=steved/libtirpc.git;a=patch;h=86529758570cef4c73fb9b9c4104fdc510f701ed;hp=7089bb02714e23b9c737c22d64f1ee3b256e45f4
Closed by Andreas Radke (AndyRTR)
Monday, 08 August 2022, 19:29 GMT
Reason for closing: Fixed
Additional comments about closing: 1.3.3-1
Comment by T.J. Townsend (blakkheim) - Saturday, 30 July 2022, 17:47 GMT
Upstream released libtirpc 1.3.3-rc4 two days ago, which includes
the fixes, but I think it would be worth backporting now anyway. I
say this because there has been a span of 11 months between rc1
and rc4... so the final 1.3.3 release might not be as close as it
seems.