From ${URL} :
A segmentation fault triggered by processing crafted files was found in libical 0.47 and libical 1.0.
Upstream bug (not yet public): https://bugzilla.mozilla.org/show_bug.cgi?id=1275400
CVE assignment: http://seclists.org/oss-sec/2016/q2/604
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
We have 2.0.x in the tree... but I don't know if it fixes this.
Arches, please stabilise.
sparc stable
ia64 stable
ppc stable
ppc64 stable
amd64 stable
x86 stable
arm stable
ping alpha.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=498a9648290b3e85b8e04d22c2a91e8afeb0c7b0
commit 498a9648290b3e85b8e04d22c2a91e8afeb0c7b0
Author: Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-03-29 09:25:18 +0000
Commit: Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-03-29 09:25:33 +0000
    dev-libs/libical-3.0.4-r0: alpha stable
    Bug: http://bugs.gentoo.org/587572
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>
 dev-libs/libical/libical-3.0.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
@maintainer, please drop vulnerable.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8998a9bbdb89e01d0e0d5bb722ff7b5705f46d6
commit b8998a9bbdb89e01d0e0d5bb722ff7b5705f46d6
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2019-03-29 21:14:40 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2019-03-30 09:58:22 +0000
    dev-libs/libical: Drop vulnerable 2.0.0-r3
    Bug: https://bugs.gentoo.org/587572
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
 dev-libs/libical/Manifest | 1 -
 ...ical-2.0.0-libical.pc-fix-libdir-location.patch | 28 ----------
 ...cal-2.0.0-libical.pc-icu-move-to-requires.patch | 47 -----------------
 ...al-2.0.0-libical.pc-icu-remove-full-paths.patch | 44 ----------------
 ...libical-2.0.0-libical.pc-set-full-version.patch | 19 -------
 dev-libs/libical/files/libical-2.0.0-tests.patch | 38 --------------
 dev-libs/libical/libical-2.0.0-r3.ebuild | 60 ----------------------
 7 files changed, 237 deletions(-)
This issue was resolved and addressed in GLSA 201904-02 at https://security.gentoo.org/glsa/201904-02 by GLSA coordinator Aaron Bauman (b-man).