Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 647378 - <media-gfx/icoutils-0.32.2: two invalid memory reads
Summary: <media-gfx/icoutils-0.32.2: two invalid memory reads
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-02-12 09:16 UTC by Hanno Böck
Modified: 2018-03-18 00:49 UTC (History)
1 user (show)

See Also:
Package list:
media-gfx/icoutils-0.32.2
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2018-02-12 09:16:22 UTC 
Some invalid memory reads have been fixed in icoutils 0.32.2:

https://savannah.nongnu.org/bugs/index.php?52313
https://savannah.nongnu.org/bugs/index.php?52308

Please bump.
Comment 1 Hanno Böck gentoo-dev 2018-02-12 09:24:38 UTC 
My original report wasn't entirely accurate. The first bug (52313) is already fixed in 0.31.1, the second (52308) had an incomplete fix in 0.31.1 and a proper fix in 0.32.2.
Comment 2 Larry the Git Cow gentoo-dev 2018-02-12 09:29:45 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0f54022a1bdeef5ab546845376d53867ff112fa

commit a0f54022a1bdeef5ab546845376d53867ff112fa
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2018-02-12 09:29:18 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2018-02-12 09:29:39 +0000

    media-gfx/icoutils: Security bump to version 0.32.2
    
    Bug: https://bugs.gentoo.org/647378
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 media-gfx/icoutils/Manifest               |  1 +
 media-gfx/icoutils/icoutils-0.32.2.ebuild | 49 +++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+)}
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-02-12 12:19:52 UTC 
@Arches please test and mark stable 0.32.2

Thank you
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2018-02-12 21:37:47 UTC 
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2018-02-16 11:31:31 UTC 
amd64 stable
Comment 6 Matt Turner gentoo-dev 2018-03-18 00:33:18 UTC 
ppc stable. all arches stable
Comment 7 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-03-18 00:49:26 UTC 
Thank you all,

GLSA Vote: No.