From ${URL} : Two vulnerabilities were found in mujs latest version, and they have got fixed. 1. mujs str Out-of-Bound read 1 byte in function chartorune. http://bugs.ghostscript.com/show_bug.cgi?id=697136 2. mujs "char *s" Heap overflow in Fp_toString at jsfunction.c:72 http://bugs.ghostscript.com/show_bug.cgi?id=697137 @maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
since mujs has been stabilized, this is now B2
(In reply to Agostino Sarubbo from comment #1) > since mujs has been stabilized, this is now B2 Has the affected version gone stable? If the affected version was never stabilized (considering the time) then it would not be bumped to a B2.
(In reply to Aaron Bauman from comment #2) > (In reply to Agostino Sarubbo from comment #1) > > since mujs has been stabilized, this is now B2 > > Has the affected version gone stable? If the affected version was never > stabilized (considering the time) then it would not be bumped to a B2. We don't have a non-affected version in tree. The version (=dev-lang/mujs-0_p20150202) which went stable via bug 571322 is affected. @ Maintainer(s): Please do another snapshot release (based on 2016-11-01 or newer).
@ Arches, please test and mark stable: =dev-lang/mujs-0_p20161202
amd64 stable
x86 stable
Stable for HPPA.
ppc64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
commit 9811282d7cd7d26dfd47d6b33ebdaf4c1cca20d7 Author: Michael Weber <xmw@gentoo.org> Date: Mon Jan 23 02:25:39 2017 +0100 dev-lang/mujs: Cleanup (bug 595538). Package-Manager: Portage-2.3.3, Repoman-2.3.1
commit c8a113a2db891ccb24e11b4a64061f8d38b3b67e Author: Michael Weber <xmw@gentoo.org> Date: Wed Feb 22 12:44:50 2017 +0100 dev-lang/mujs: Cleanup old versions (bug 595538). Package-Manager: Portage-2.3.3, Repoman-2.3.1 dev-lang/mujs/Manifest dev-lang/mujs/mujs-0_p20150202.ebuild dev-lang/mujs/mujs-0_p20160504.ebuild
No ACE/RCE PoC. Downgraded to B3. Tree is clean.