Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 625860 (CVE-2017-11464) - <gnome-base/librsvg-2.40.18: incorrect protection against division by zero.
Summary: <gnome-base/librsvg-2.40.18: incorrect protection against division by zero.
Status: RESOLVED FIXED
Alias: CVE-2017-11464
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://cve.mitre.org/cgi-bin/cvename...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-21 15:32 UTC by Christopher Díaz Riveros (RETIRED)
Modified: 2017-11-02 23:08 UTC (History)
1 user (show)

See Also:
Package list:
gnome-base/librsvg-2.40.18
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-07-21 15:32:01 UTC 
From 

https://github.com/GNOME/librsvg/commit/ecf9267a24b2c3c0cd211dbdfa9ef2232511972a

bgo#783835 - Don't divide by zero in box_blur_line() for gaussian blurs
We were making the decision to use box blurs, instead of a true
Gaussian kernel, based on the size of *both* x and y dimensions.  Do
them individually instead.
Comment 1 Sergei Trofimovich (RETIRED) gentoo-dev 2017-07-22 09:25:17 UTC 
ia64 stable
Comment 2 Markus Meier gentoo-dev 2017-07-25 18:53:26 UTC 
arm stable
Comment 3 Tobias Klausmann (RETIRED) gentoo-dev 2017-07-31 12:20:48 UTC 
Stable on amd64.
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2017-08-20 17:34:08 UTC 
x86 stable
Comment 5 Matt Turner gentoo-dev 2017-09-01 18:47:08 UTC 
alpha stable
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-09 19:41:21 UTC 
sparc stable (thank to Dakon)
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-26 23:04:33 UTC 
ppc stable
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-30 06:38:12 UTC 
ppc64 stable
Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-30 10:46:22 UTC 
hppa stable
Comment 10 D'juan McDonald (domhnall) 2017-10-18 00:52:00 UTC 
Thank you ATs,

@maintainer(s), please cleanup.

@Security, please vote on GLSA.

Gentoo Security Padawan
Daj' Uan (jmbailey)
Comment 11 Larry the Git Cow gentoo-dev 2017-10-18 00:59:49 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0fc6f3b7d648c393af1675dd316781e0db3f8441

commit 0fc6f3b7d648c393af1675dd316781e0db3f8441
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2017-10-18 00:59:38 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2017-10-18 00:59:38 +0000

    gnome-base/librsvg: remove old
    
    Bug: https://bugs.gentoo.org/625860
    Package-Manager: Portage-2.3.8, Repoman-2.3.2

 gnome-base/librsvg/Manifest               |  1 -
 gnome-base/librsvg/librsvg-2.40.17.ebuild | 97 -------------------------------
 2 files changed, 98 deletions(-)}
Comment 12 Thomas Deutschmann (RETIRED) gentoo-dev 2017-11-02 23:08:25 UTC 
GLSA Vote: No!

Repository is clean, all done!