From ${URL} :

The following flaw was reported to us by Yuguang Cai. Basically, the return value from malloc isn't checked in the _xrealloc function. This can be triggered remotely by sending a large number of requests, which could possibly lead malloc to fail at one point, causing a crash via null pointer deref.

Because of the way memory works on modern Linux systems, this one seems to be difficult to exploit, so I am wondering if a CVE ID should really be assigned to this issue.

Details at: https://bugzilla.redhat.com/show_bug.cgi?id=1329295

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Fedora patch @ https://pkgs.fedoraproject.org/cgit/rpms/openslp.git/plain/openslp-2.0.0-null-pointer-deref.patch
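The failure mode described in the report, as an added example that is not part of this thread and is not OpenSLP's or Fedora's code: an allocate-copy-free realloc wrapper that checks every allocation result and leaves the old block valid on failure. The names checked_alloc, checked_realloc, checked_free and the fail_after fault-injection hook are hypothetical, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fault injection: the Nth allocation from now fails (0 = never). */
static int fail_after = 0;

static void *inject_malloc(size_t n)
{
    if (fail_after > 0 && --fail_after == 0)
        return NULL;                      /* simulated memory exhaustion */
    return malloc(n);
}

/* Size header in front of each block (padded so user data stays aligned). */
typedef union { size_t size; long double pad_ld; void *pad_p; } hdr_t;

void *checked_alloc(size_t size)
{
    if (size > (size_t)-1 - sizeof(hdr_t))
        return NULL;                      /* header + size would overflow */
    hdr_t *h = inject_malloc(sizeof(hdr_t) + size);
    if (h == NULL)
        return NULL;                      /* never write the header through NULL */
    h->size = size;
    return h + 1;
}

void checked_free(void *p) { if (p != NULL) free((hdr_t *)p - 1); }

/* Allocate-copy-free realloc. On failure returns NULL and leaves `old` valid. */
void *checked_realloc(void *old, size_t size)
{
    if (old == NULL)
        return checked_alloc(size);
    void *fresh = checked_alloc(size);
    if (fresh == NULL)
        return NULL;                      /* without this, memcpy writes to NULL */
    size_t old_size = ((hdr_t *)old - 1)->size;
    memcpy(fresh, old, old_size < size ? old_size : size);
    checked_free(old);
    return fresh;
}

int main(void)
{
    char *p = checked_alloc(8);
    if (p == NULL) return 1;
    memcpy(p, "openslp", 8);
    fail_after = 1;                       /* the next allocation fails */
    char *q = checked_realloc(p, 1u << 20);
    int ok = (q == NULL) && memcmp(p, "openslp", 8) == 0;
    checked_free(p);
    return ok ? 0 : 1;
}
```

Callers still have to handle the NULL return themselves, for example by dropping the request that triggered the allocation.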
commit a5ebb986de32e702fece9392cc511a6e2d31f08a
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
Date: Sat Feb 18 14:01:53 2017 +0100

    net-libs/openslp: EAPI bump, add Fedora patch for CVE 2016-4912

    Package-Manager: Portage-2.3.3, Repoman-2.3.1

 net-libs/openslp/files/openslp-2.0.0-CVE-2016-4912.patch | 15 +++++++++++++++
 net-libs/openslp/openslp-2.0.0-r2.ebuild | 42 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+)

Added the patch from Fedora. Since 2.0.0 is only freshly rekeyworded we should probably wait a bit now.
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.
Added to an existing GLSA.
Nothing to do for printing here anymore.
This issue was resolved and addressed in GLSA 201707-05 at https://security.gentoo.org/glsa/201707-05 by GLSA coordinator Thomas Deutschmann (whissi).