| Summary: | <media-libs/imlib2-1.4.8-r1: gif oob reads w/bad colormaps | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | enlightenment+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://git.enlightenment.org/legacy/imlib2.git/commit/?id=16de244bd03d2f75da6508feb1ad9cb4e668e9dc | | |
| See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=1323060 https://bugs.debian.org/785369 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2016-04-02 10:46:30 UTC
afaict, they never actually notified upstream for either issue. i can push the gif fix, but have to talk to some of the e admins upstream.

i've pushed the gif oob read upstream: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=16de244bd03d2f75da6508feb1ad9cb4e668e9dc

let's make this bug only about the gif oob issue. the ellipse div-by-zero looks like much less of an issue, and it'll be a bit longer yet before it's resolved.

should be fine to stabilize 1.4.8-r1: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=754b25e1b738fcff29b16148ef70408f28448532

This issue was resolved and addressed in GLSA 201611-12 at https://security.gentoo.org/glsa/201611-12 by GLSA coordinator Aaron Bauman (b-man).