Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 625860 (CVE-2017-11464) - <gnome-base/librsvg-2.40.18: incorrect protection against division by zero.
Summary: <gnome-base/librsvg-2.40.18: incorrect protection against division by zero.
Status: RESOLVED FIXED
Alias: CVE-2017-11464
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://cve.mitre.org/cgi-bin/cvename...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-21 15:32 UTC by Christopher Díaz Riveros (RETIRED)
Modified: 2017-11-02 23:08 UTC (History)
1 user (show)

See Also:
Package list:
gnome-base/librsvg-2.40.18
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-07-21 15:32:01 UTC
From 

https://github.com/GNOME/librsvg/commit/ecf9267a24b2c3c0cd211dbdfa9ef2232511972a

bgo#783835 - Don't divide by zero in box_blur_line() for gaussian blurs
We were making the decision to use box blurs, instead of a true
Gaussian kernel, based on the size of *both* x and y dimensions.  Do
them individually instead.
Comment 1 Sergei Trofimovich (RETIRED) gentoo-dev 2017-07-22 09:25:17 UTC
ia64 stable
Comment 2 Markus Meier gentoo-dev 2017-07-25 18:53:26 UTC
arm stable
Comment 3 Tobias Klausmann (RETIRED) gentoo-dev 2017-07-31 12:20:48 UTC
Stable on amd64.
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2017-08-20 17:34:08 UTC
x86 stable
Comment 5 Matt Turner gentoo-dev 2017-09-01 18:47:08 UTC
alpha stable
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-09 19:41:21 UTC
sparc stable (thank to Dakon)
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-26 23:04:33 UTC
ppc stable
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-30 06:38:12 UTC
ppc64 stable
Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-30 10:46:22 UTC
hppa stable
Comment 10 D'juan McDonald (domhnall) 2017-10-18 00:52:00 UTC
Thank you ATs,

@maintainer(s), please cleanup.

@Security, please vote on GLSA.

Gentoo Security Padawan
Daj' Uan (jmbailey)
Comment 11 Larry the Git Cow gentoo-dev 2017-10-18 00:59:49 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0fc6f3b7d648c393af1675dd316781e0db3f8441

commit 0fc6f3b7d648c393af1675dd316781e0db3f8441
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2017-10-18 00:59:38 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2017-10-18 00:59:38 +0000

    gnome-base/librsvg: remove old
    
    Bug: https://bugs.gentoo.org/625860
    Package-Manager: Portage-2.3.8, Repoman-2.3.2

 gnome-base/librsvg/Manifest               |  1 -
 gnome-base/librsvg/librsvg-2.40.17.ebuild | 97 -------------------------------
 2 files changed, 98 deletions(-)}
Comment 12 Thomas Deutschmann (RETIRED) gentoo-dev 2017-11-02 23:08:25 UTC
GLSA Vote: No!

Repository is clean, all done!