CVE-2015-4696 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4696): Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.
CVE-2015-4695 Closemeta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file. CVE-2015-4588 Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file.
https://bugzilla.redhat.com/show_bug.cgi?id=1227243
Patches available at Red Hat link, please advise.
I created pull request on Github: https://github.com/gentoo/gentoo/pull/303
Since this is maint-needed, I've taken the liberty to merge the PR (eca6766). Now I guess we need to fast-stabilize -r6.
Arches, please test and mark stable: =media-libs/libwmf-0.2.8.4-r6 Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" Thank you!
amd64 stable
x86 stable
(In reply to Agostino Sarubbo from comment #7) > amd64 stable (In reply to Agostino Sarubbo from comment #8) > x86 stable You didn't commit anything.
arm stable
(In reply to Jeroen Roovers from comment #9) > (In reply to Agostino Sarubbo from comment #7) > > amd64 stable > > (In reply to Agostino Sarubbo from comment #8) > > x86 stable > > You didn't commit anything. the stabilization was done in bug 551144
sparc stable
alpha stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Arches and Maintainer(s), Thank you for your work. New GLSA Request filed.
This issue was resolved and addressed in GLSA 201602-03 at https://security.gentoo.org/glsa/201602-03 by GLSA coordinator Kristian Fiskerstrand (K_F).