From secunia security advisory at $URL: Description Some vulnerabilities have been reported in Links, which can be exploited by malicious people to potentially compromise a user's system. 1) An unspecified error within the graphics renderer can be exploited to cause an out-of-bounds write. 2) An unspecified error within the XBM decoder can be exploited to cause out-of-bounds read and write. The vulnerabilities are reported in versions prior to 2.6. Solution Update to version 2.6.
+*links-2.6 (10 Apr 2012) + + 10 Apr 2012; Samuli Suominen <ssuominen@gentoo.org> +links-2.6.ebuild, + metadata.xml: + Version bump wrt security #411493 (Graphics Renderer and XBM Decoder + Vulnerabilities). Missing %u in Exec= line to pass links to links -g, see + http://standards.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest + .html#exec-variables. USE="deprecated" as first step to get rid of the + deprecated links2 compability symlink whih is enabled by default for now. Test and stabilize: =www-client/links-2.6 "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
x86 stable
amd64 ok
amd64 stable
arm stable
alpha/ia64/s390/sh/sparc stable
ppc done
ppc64 done
Thanks everyone. Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201206-32 at http://security.gentoo.org/glsa/glsa-201206-32.xml by GLSA coordinator Stefan Behte (craig).