CVE-2019-11413 (https://nvd.nist.gov/vuln/detail/CVE-2019-11413): An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function in regexp.c lacks a depth check. CVE-2019-11412 (https://nvd.nist.gov/vuln/detail/CVE-2019-11412): An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call. CVE-2019-11411 (https://nvd.nist.gov/vuln/detail/CVE-2019-11411): An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow.
Let's just stabilise this now given it's been in tree a while and no bugs reported.
x86 stable
arm stable
amd64 stable
ppc stable
ppc64 stable
s390 stable
sparc stable
hppa stable
arm64 stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9366bf8bbecf7e0245ffd8e6fb35967b9ebf7963 commit 9366bf8bbecf7e0245ffd8e6fb35967b9ebf7963 Author: Sam James (sam_c) <sam@cmpct.info> AuthorDate: 2020-06-19 17:48:34 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-06-26 20:42:03 +0000 dev-lang/mujs: security cleanup Bug: https://bugs.gentoo.org/719248 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Sam James (sam_c) <sam@cmpct.info> Closes: https://github.com/gentoo/gentoo/pull/16327 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> dev-lang/mujs/Manifest | 1 - dev-lang/mujs/mujs-1.0.5.ebuild | 55 ----------------------------------------- 2 files changed, 56 deletions(-)
GLSA vote: yes
This issue was resolved and addressed in GLSA 202007-52 at https://security.gentoo.org/glsa/202007-52 by GLSA coordinator Sam James (sam_c).
