595538 – (CVE-2016-7563) <dev-lang/mujs-0_p20161202: multiple vulnerabilities

Bug 595538 (CVE-2016-7563) - <dev-lang/mujs-0_p20161202: multiple vulnerabilities

Summary: <dev-lang/mujs-0_p20161202: multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	CVE-2016-7563

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	http://www.openwall.com/lists/oss-sec...
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2016-09-29 14:12 UTC by Agostino Sarubbo
Modified:	2017-02-22 11:50 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	=dev-lang/mujs-0_p20161202
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2016-09-29 14:12:20 UTC

From ${URL} :

Two vulnerabilities were found in mujs latest version, and they have got
fixed.

1. mujs str Out-of-Bound read 1 byte in function chartorune.
http://bugs.ghostscript.com/show_bug.cgi?id=697136


2. mujs "char *s" Heap overflow in Fp_toString at jsfunction.c:72
http://bugs.ghostscript.com/show_bug.cgi?id=697137


@maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.

Comment 1 Agostino Sarubbo gentoo-dev

2016-11-28 20:20:19 UTC

since mujs has been stabilized, this is now B2

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2016-11-28 22:49:28 UTC

(In reply to Agostino Sarubbo from comment #1)
> since mujs has been stabilized, this is now B2

Has the affected version gone stable?  If the affected version was never stabilized (considering the time) then it would not be bumped to a B2.

Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev

2016-12-08 17:59:58 UTC

(In reply to Aaron Bauman from comment #2)
> (In reply to Agostino Sarubbo from comment #1)
> > since mujs has been stabilized, this is now B2
> 
> Has the affected version gone stable?  If the affected version was never
> stabilized (considering the time) then it would not be bumped to a B2.

We don't have a non-affected version in tree.

The version (=dev-lang/mujs-0_p20150202) which went stable via bug 571322 is affected.


@ Maintainer(s): Please do another snapshot release (based on 2016-11-01 or newer).

Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev

2017-01-09 19:26:48 UTC

@ Arches,

please test and mark stable: =dev-lang/mujs-0_p20161202

Comment 5 Agostino Sarubbo gentoo-dev

2017-01-10 14:56:13 UTC

amd64 stable

Comment 6 Agostino Sarubbo gentoo-dev

2017-01-10 15:23:32 UTC

x86 stable

Comment 7 Jeroen Roovers (RETIRED) gentoo-dev

2017-01-12 09:30:30 UTC

Stable for HPPA.

Comment 8 Agostino Sarubbo gentoo-dev

2017-01-18 10:04:57 UTC

ppc64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Comment 9 Michael Weber (RETIRED) gentoo-dev

2017-01-23 01:26:20 UTC

commit 9811282d7cd7d26dfd47d6b33ebdaf4c1cca20d7
Author: Michael Weber <xmw@gentoo.org>
Date:   Mon Jan 23 02:25:39 2017 +0100

    dev-lang/mujs: Cleanup (bug 595538).
    
    Package-Manager: Portage-2.3.3, Repoman-2.3.1

Comment 10 Michael Weber (RETIRED) gentoo-dev

2017-02-22 11:45:34 UTC

commit c8a113a2db891ccb24e11b4a64061f8d38b3b67e
Author: Michael Weber <xmw@gentoo.org>
Date:   Wed Feb 22 12:44:50 2017 +0100

    dev-lang/mujs: Cleanup old versions (bug 595538).
    
    Package-Manager: Portage-2.3.3, Repoman-2.3.1

dev-lang/mujs/Manifest
dev-lang/mujs/mujs-0_p20150202.ebuild
dev-lang/mujs/mujs-0_p20160504.ebuild

Comment 11 Aaron Bauman (RETIRED) gentoo-dev

2017-02-22 11:50:25 UTC

No ACE/RCE PoC.  Downgraded to B3.  Tree is clean.