Bug#: 139325
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Raphael Marichez <falco@gentoo.org>

Attachments (Filename | Description | Type | Creator | Created | Size):
libwmf-0.2.8.3-r1.tmpfix.patch | Temporary fix for 0.2.8.3-r1. | patch | Mattias Bengtsson | 2006-07-30 09:25 0000 | 874 bytes
libwmf-0.2.8.3-r1.tmpfix.patch | Temporary fix for 0.2.8.3-r1. | patch | Mattias Bengtsson | 2006-07-30 09:43 0000 | 977 bytes

Description:   Opened: 2006-07-05 08:40 0000
Hi,

libwmf is vulnerable to an integer overflow vuln, leading to the possible
execution of arbitrary code by enticing a user to open a malicious WMF file.

This package has no maintainer, no herd.

I CC: antarus@ of the treecleaners team for information.

------- Comment #1 From Raphael Marichez 2006-07-05 08:41:12 0000 -------
in [upstream] status, no action needed, waiting for an official patch or
release.

------- Comment #2 From Thierry Carrez (RETIRED) 2006-07-29 05:49:28 0000 -------
There probably won't be any.

------- Comment #3 From Mattias Bengtsson 2006-07-30 09:25:39 0000 -------
Created an attachment (id=93067)
Temporary fix for 0.2.8.3-r1.

------- Comment #4 From Mattias Bengtsson 2006-07-30 09:41:09 0000 -------
(From update of attachment 93067)
Typo, sorry.

------- Comment #5 From Mattias Bengtsson 2006-07-30 09:43:02 0000 -------
Created an attachment (id=93069)
Temporary fix for 0.2.8.3-r1.

------- Comment #6 From Sune Kloppenborg Jeppesen 2006-08-02 08:41:24 0000 -------
Mandriva fixed this issue. Please provide an updated ebuild.

We might need to call for a new maintainer on -dev.

------- Comment #7 From Sune Kloppenborg Jeppesen 2006-08-03 00:06:55 0000 -------
maintainer wanted mail sent to -dev.

------- Comment #8 From Enrico 'nekrad' Weigelt 2006-08-03 09:57:42 0000 -------
I'll have a look at it. 

It first has to go through the whole CSDB/OSS-QM procedure (file crawler,
sysroot'ed crossbuilds, pkgconfig'ing, ...).

------- Comment #9 From SpanKY 2006-08-06 20:40:01 0000 -------
0.2.8.4 now in portage with fixes

------- Comment #10 From Sune Kloppenborg Jeppesen 2006-08-07 00:33:28 0000 -------
Thx Mike.

Arches please test and mark stable.

------- Comment #11 From Alastair Tse (RETIRED) 2006-08-07 02:51:42 0000 -------
stable for x86

------- Comment #12 From Markus Rothe 2006-08-07 06:28:38 0000 -------
ppc64 stable

------- Comment #13 From Gustavo Zacarias (RETIRED) 2006-08-07 07:07:42 0000 -------
sparc stable.

------- Comment #14 From Luca Barbato 2006-08-07 09:17:02 0000 -------
Marked ppc

------- Comment #15 From Scott Stoddard (RETIRED) 2006-08-07 12:03:42 0000 -------
stable amd64.

------- Comment #16 From Thomas Cort (RETIRED) 2006-08-07 17:42:53 0000 -------
alpha stable.

------- Comment #17 From René Nussbaumer 2006-08-08 02:10:24 0000 -------
stable on hppa

------- Comment #18 From Sune Kloppenborg Jeppesen 2006-08-10 12:32:30 0000 -------
GLSA 200608-17

arm, ia64, mips, sh don't forget to mark stable to benefit from the GLSA.

------- Comment #19 From Joshua Kinard 2006-09-03 21:45:04 0000 -------
0.2.8.4 stable on mips.

------- Comment #20 From Peter Volkov 2008-03-06 09:34:22 0000 -------
Does not affect current (2008.0) release. Removing release.
