From ${URL} : An out-of-bounds read in cmstypes.c in the Type_MLU_Read function was found, leading to a heap memory leak triggered by a crafted ICC profile.
Upstream patch: https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
CVE request: http://seclists.org/oss-sec/2016/q3/288
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
lcms is bundled in various OpenJDK releases, we will need to check that.
Added the patch. Testing now.
(In reply to Andreas K. Hüttel from comment #2)
> Added the patch. Testing now.
I see no bug explosion, so let's go ahead.
Arches please stabilize, target: all stable arches
=media-libs/lcms-2.8-r1
amd64 stable
Stable on alpha.
Stable for HPPA.
x86 stable
arm ppc64 stable.
ppc stable
sparc stable
ia64 stable. Maintainer(s), please clean up. Security, please vote.
Vulnerable versions removed
GLSA Vote: No
Repository is clean, all done.