https://blogs.gentoo.org/ago/2017/08/09/libfpx-double-free-in-dffromlb-docfile-cxx
https://blogs.gentoo.org/ago/2017/08/09/libfpx-heap-based-buffer-overflow-in-olestreamwritevt_lpstr-olestrm-cpp
https://blogs.gentoo.org/ago/2017/08/09/libfpx-null-pointer-dereference-in-cdirectorygetdirentry-dir-cxx
https://blogs.gentoo.org/ago/2017/08/09/libfpx-null-pointer-dereference-in-wchar-c
https://blogs.gentoo.org/ago/2017/08/09/libfpx-null-pointer-dereference-in-pfileflashpixviewgetglobalinfoproperty-f_fpxvw-cpp
https://blogs.gentoo.org/ago/2017/08/09/libfpx-null-pointer-dereference-in-olestreamwritevt_lpstr-olestrm-cpp
https://blogs.gentoo.org/ago/2017/08/09/libfpx-divide-by-zero-in-cdirvectorgettable-dirfunc-hxx

Upstream is dead; consider pmasking and removing.
libfpx-1.3.1-10.tar.xz is available here: https://www.imagemagick.org/download/delegates/
It contains the fixes pushed by Niclas Rosenvik. Please bump.
CVE-2017-12920 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12920):
CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.

CVE-2017-12921 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12921):
PFileFlashPixView::GetGlobalInfoProperty in f_fpxvw.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.

CVE-2017-12925 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12925):
Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=54550720b42f8a4bb3adaf6727ce8a47c5ed7892

commit 54550720b42f8a4bb3adaf6727ce8a47c5ed7892
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2017-10-12 21:08:16 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2017-10-12 21:18:50 +0000

    media-libs/libfpx: Bump to v1.3.1_p10 (CVE-2017-{12920,12921,12925})

    Bug: https://bugs.gentoo.org/628190
    Package-Manager: Portage-2.3.10, Repoman-2.3.3

 media-libs/libfpx/Manifest | 1 +
 media-libs/libfpx/libfpx-1.3.1_p10.ebuild | 45 +++++++++++++++++++++++++++++++
 media-libs/libfpx/metadata.xml | 3 +++
 3 files changed, 49 insertions(+)
@ Arches, please test and mark stable: =media-libs/libfpx-1.3.1_p10
An automated check of this bug failed - the following atom is unknown: media-libs/libfpx-1.3.1_p10 Please verify the atom list.
ia64 stable
x86 stable
Stable on amd64
An automated check of this bug succeeded - the previous repoman errors are now resolved.
ppc64 stable
ppc stable
hppa stable
Stable on alpha.
arm stable, all arches done.
Thank you arches. @ Maintainer(s): Please clean vulnerable version from tree. @ Security: Please vote on glsa.
GLSA Vote: No
@maintainer(s), please drop vulnerable. Michael Boyle Security Padawan
giving sparc a chance...
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ae2a50d7297299eafe28191e577885d22cfacea

commit 5ae2a50d7297299eafe28191e577885d22cfacea
Author: Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-06-21 16:47:38 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-21 19:21:01 +0000

    media-libs/libfpx: stable 1.3.1_p10 for sparc

    Bug: https://bugs.gentoo.org/628190
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="sparc"

 media-libs/libfpx/libfpx-1.3.1_p10.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)