Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 586576 - <dev-util/desktop-file-utils-0.23: Out of bounds heap read
Summary: <dev-util/desktop-file-utils-0.23: Out of bounds heap read
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugs.freedesktop.org/show_bug...
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks: 574892
  Show dependency tree
 
Reported: 2016-06-21 15:29 UTC by Hanno Böck
Modified: 2016-07-09 01:08 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2016-06-21 15:29:12 UTC 
desktop-file-utils 0.23 fixes an out of bounds heap read. This is one of those cases where it's debatable whether this is a security issue at all, probably not worthy of a GLSA. Please bump

Upstream bugs:
https://bugs.freedesktop.org/show_bug.cgi?id=90784
https://bugs.freedesktop.org/show_bug.cgi?id=94303
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2016-06-22 03:39:08 UTC 
Per previous comment, the issue is fixed in:

=dev-util/desktop-file-utils-0.23

Please bump and if ready request stabilization in this bug.
Comment 2 Michael Palimaka (kensington) gentoo-dev 2016-06-22 11:54:30 UTC 
Bumped in git.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=71af3476fb0356ce0e319b3d686f630da602ae2e

Feel free to stabilise at your discretion.
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2016-06-22 12:21:23 UTC 
@arches, please stabilize:

=dev-util/desktop-file-utils-0.23
Comment 4 Agostino Sarubbo gentoo-dev 2016-06-27 08:24:44 UTC 
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2016-06-27 08:51:55 UTC 
x86 stable
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2016-06-30 10:30:18 UTC 
Stable on alpha.
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2016-07-01 04:16:52 UTC 
Stable for HPPA PPC64.
Comment 8 Markus Meier gentoo-dev 2016-07-05 20:57:38 UTC 
arm stable
Comment 9 Agostino Sarubbo gentoo-dev 2016-07-08 08:00:11 UTC 
ppc stable
Comment 10 Agostino Sarubbo gentoo-dev 2016-07-08 10:08:27 UTC 
sparc stable
Comment 11 Agostino Sarubbo gentoo-dev 2016-07-08 12:07:48 UTC 
ia64 stable
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2016-07-08 14:33:24 UTC 
Removing unstable arches.

@maintainer(s), please cleanup.

GLSA Vote: No
Comment 13 Michael Palimaka (kensington) gentoo-dev 2016-07-08 16:10:26 UTC 
Cleanup done.
Comment 14 Aaron Bauman (RETIRED) gentoo-dev 2016-07-09 01:08:19 UTC 
Thanks, all!