Upstream 1.13 fixes multiple buffer overflows + multiple null pointer dereferences + a divide by zero which I reported some time ago. Upstream announcement: October 22, 2015: Release 1.13. Some critical bugs in the processing of BMP files were fixed. These bugs allowed the program to be crashed, or potentially to be abused in other ways, by feeding it specially crafted BMP files. Thanks to Tomasz Buchert and Agostino Sarubbo for reporting these bugs. Portability was improved for C99 and for MSVC++. Thanks to Peter Breitenlohner, Nelson Beebe, and Martin Gieseking for reporting portability issues.
Arches, please test and mark stable: =media-gfx/potrace-1.13 Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
amd64 stable
x86 stable
Stable for HPPA PPC64.
arm stable
Stable on alpha.
sparc stable
ppc stable
ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
As with the previous potrace bug (bug #545036), this is a potential DoS. Re-designating. GLSA Vote: No. @maintainer(s), please clean.
Cleaned: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=50c8e5d683791820f0d684a8bbab9b7b10202b4a