Summary: | <media-libs/lcms-2.9: Heap-buffer-overflow in TetrahedralInterpFloat | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | printing |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1730 | ||
Whiteboard: | A4 [noglsa] | ||
Package list: |
=media-libs/lcms-2.9
|
Runtime testing required: | --- |
Description
Agostino Sarubbo
2017-08-21 07:23:12 UTC
https://github.com/mm2/Little-CMS/commit/9efd86709a02496bdb7d482ce50c5ffe79c32eac https://github.com/mm2/Little-CMS/commit/aeaaa78e66b6c0c0bf0a1d2614efbaf4a522e66b Should be fixed in 2.9 in the tree, feel free to start stabilization. @Arches please test and mark stable. Thank you (In reply to Christopher Díaz Riveros from comment #3) > @Arches please test and mark stable. > > Thank you hppa/ppc/ppc64 stable Single Multilocalized test fails on BE arches. Reported upstream as: https://github.com/mm2/Little-CMS/pull/142 x86 stable arm stable Stable on amd64 ia64 stable Since bug 638192 seems to affect all bigendian archs: sparc fine. sparc stable (thanks to Rolf Eike Beer) Stable on alpha. @security, please add bug ID to CVETool, thank you. Gentoo Security Padawan (Jmbailey/mbailey_j) arm64 stable The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=139bfc57747c094af6dc04e4485e433dd56acbde commit 139bfc57747c094af6dc04e4485e433dd56acbde Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-09-18 15:41:14 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-09-18 18:25:03 +0000 media-libs/lcms: Cleanup vulnerable Bug: https://bugs.gentoo.org/628478 Package-Manager: Portage-2.3.49, Repoman-2.3.10 media-libs/lcms/Manifest | 1 - .../lcms/files/lcms-2.8-CVE-2016-10165.patch | 22 ---------- media-libs/lcms/lcms-2.8-r1.ebuild | 46 ------------------- media-libs/lcms/lcms-2.8-r2.ebuild | 51 ---------------------- 4 files changed, 120 deletions(-) ping sec. Tree is clean |