The package app-crypt/mhash-0.9.9 as well as app-crypt/mhash-0.9.9-r1 are affected by a bug which causes memory to be leaked during mhash_restore_state_mem. In this function/patch, ret->state is allocated towards the beginning and later on replaced with a new allocated area without freeing the old. The patch fixes it. Patch already submitted upstream, but depending on speed, this may be faster to patch in a new patchset. Gentoo-Bug: 255006 Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=255006 Patch-URL: http://bugs.gentoo.org/attachment.cgi?id=178560 Signed-off-by: Thomas Harning --- a/lib/mhash.c +++ b/lib/mhash.c @@ -719,6 +719,8 @@ mutils_memcpy( &ret->state_size, &mem[pos], sizeof(ret->state_size)); pos += sizeof( ret->state_size); + if (ret->state) + mutils_free(ret->state); ret->state = mutils_malloc(ret->state_size); if (ret->state==NULL) goto freeall;