Bug 605554 - <dev-lang/mujs-1.0.4: null pointer dereference and Heap buffer overflow write
Summary: <dev-lang/mujs-1.0.4: null pointer dereference and Heap buffer overflow write
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-01-13 09:17 UTC by Agostino Sarubbo
Modified: 2018-11-26 19:02 UTC
3 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Description Agostino Sarubbo gentoo-dev 2017-01-13 09:17:31 UTC
From ${URL} :

1. Null pointer dereference in regexp.c

    The return value from malloc is not properly checked before dereferencing it, which can result in a crash.

    More details on the bug in the bug report at:
    https://bugs.ghostscript.com/show_bug.cgi?id=697381

    This has been fixed by the MUJS team in the commit:
    http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c73156496e569

2. Heap buffer overflow write in jsrun.c: js_stackoverflow()

    There was a logical error in the code which can be used to trigger a heap overflow write.

    More details on the bug in the bug report at:
    https://bugs.ghostscript.com/show_bug.cgi?id=697401

    The same has been fixed by the MUJS team in the commit:
    http://git.ghostscript.com/?p=mujs.git;a=commit;h=77ab465f1c394bb77f00966cd950650f3f53cb24
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
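The two defect classes named in the report above, an unchecked allocation result that is then dereferenced and a wrong bounds check in front of a write into a fixed-size heap buffer, are shown below in a constructed C example. This is added illustration, not mujs code and not the patches linked above: the `vstack` type, `VSTACK_SIZE`, the `tracked_malloc` failure-injection hook and all function names are hypothetical. The hardened constructor fails closed (returns NULL) when allocation fails, and the push routine rejects a write once the stack is full; the off-by-one variant is kept only for side-by-side comparison and is never executed.

```c
/* Constructed illustration of the two bug classes in the report:
 * (1) an allocation result dereferenced without a NULL check, and
 * (2) an off-by-one bounds check before a write into a heap buffer.
 * Hypothetical names; NOT the mujs sources or the upstream fixes. */
#include <stdio.h>
#include <stdlib.h>

#define VSTACK_SIZE 8   /* fixed capacity, like a fixed-size interpreter stack */

typedef struct {
    int *slots;   /* heap-allocated backing store, VSTACK_SIZE entries */
    int top;      /* number of entries currently in use */
} vstack;

/* Test hook (constructed): when non-zero, the next allocation fails. */
static int inject_alloc_failure = 0;

static void *tracked_malloc(size_t n)
{
    if (inject_alloc_failure) {
        inject_alloc_failure = 0;
        return NULL;          /* simulate an out-of-memory condition */
    }
    return malloc(n);
}

/* Hardened constructor: every allocation result is checked before use,
 * so the caller gets NULL instead of a crash on a NULL dereference. */
vstack *vstack_new(void)
{
    vstack *s = tracked_malloc(sizeof *s);
    if (!s)
        return NULL;
    s->slots = tracked_malloc(sizeof *s->slots * VSTACK_SIZE);
    if (!s->slots) {
        free(s);              /* release the partial object on failure */
        return NULL;
    }
    s->top = 0;
    return s;
}

void vstack_free(vstack *s)
{
    if (!s)
        return;
    free(s->slots);
    free(s);
}

/* Off-by-one bounds check, kept for comparison only and never called:
 * top == VSTACK_SIZE passes the test, so the store lands one slot past
 * the end of the heap buffer. */
int vstack_push_unsafe(vstack *s, int v)
{
    if (s->top > VSTACK_SIZE)      /* wrong comparison; should be >= */
        return -1;
    s->slots[s->top++] = v;
    return 0;
}

/* Correct check: refuse the push when the stack is already full and
 * report the overflow as an error instead of writing out of bounds. */
int vstack_push(vstack *s, int v)
{
    if (s->top >= VSTACK_SIZE)
        return -1;
    s->slots[s->top++] = v;
    return 0;
}

/* Push n values; returns how many were accepted before the stack filled. */
int fill_stack(vstack *s, int n)
{
    int accepted = 0;
    for (int i = 0; i < n; i++)
        if (vstack_push(s, i) == 0)
            accepted++;
    return accepted;
}

/* Inject one allocation failure and report whether the constructor
 * handled it (returns 1) rather than continuing with a NULL pointer. */
int alloc_failure_handled(void)
{
    inject_alloc_failure = 1;
    vstack *s = vstack_new();
    int handled = (s == NULL);
    vstack_free(s);
    return handled;
}

int main(void)
{
    vstack *s = vstack_new();
    if (!s) {
        fprintf(stderr, "out of memory\n");
        return 1;
    }
    printf("accepted %d of 12 pushes\n", fill_stack(s, 12));
    printf("allocation failure handled: %d\n", alloc_failure_handled());
    vstack_free(s);
    return 0;
}
```

Running the program shows 8 of 12 pushes accepted (the remaining four are rejected as overflows) and the injected allocation failure reported as handled; with a sanitizer build, calling `vstack_push_unsafe` on a full stack would be flagged as a heap-buffer-overflow write.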
Comment 1 Larry the Git Cow gentoo-dev 2018-10-07 02:15:28 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63926daea9a8a9b4e5e6f49b5159b5cdd6dd39b7

commit 63926daea9a8a9b4e5e6f49b5159b5cdd6dd39b7
Author:     Virgil Dupras <vdupras@gentoo.org>
AuthorDate: 2018-10-07 02:13:03 +0000
Commit:     Virgil Dupras <vdupras@gentoo.org>
CommitDate: 2018-10-07 02:13:03 +0000

    dev-lang/mujs: bump to 1.0.4
    
    Bug: https://bugs.gentoo.org/605554
    Bug: https://bugs.gentoo.org/646784
    Signed-off-by: Virgil Dupras <vdupras@gentoo.org>
    Package-Manager: Portage-2.3.50, Repoman-2.3.11

 dev-lang/mujs/Manifest                      |  1 +
 dev-lang/mujs/files/mujs-1.0.4-gentoo.patch | 23 ++++++++++++++++
 dev-lang/mujs/mujs-1.0.4.ebuild             | 42 +++++++++++++++++++++++++++++
 3 files changed, 66 insertions(+)
Comment 2 Virgil Dupras (RETIRED) gentoo-dev 2018-11-26 02:25:19 UTC
When I bumped and cleaned in October, I didn't touch this bug, expecting it to follow bug 646784, but it didn't. Updating whiteboard. Cleanup has already been made.