Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 847985 (CVE-2021-42612, CVE-2021-42613, CVE-2021-42614) - <app-text/halibut-1.3: multiple vulnerabilities
Summary: <app-text/halibut-1.3: multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2021-42612, CVE-2021-42613, CVE-2021-42614
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://carteryagemann.com/halibut-ca...
Whiteboard: B3 [glsa?]
Keywords:
Depends on: 848528
Blocks:
  Show dependency tree
 
Reported: 2022-05-28 22:32 UTC by John Helmert III
Modified: 2024-01-13 14:05 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-28 22:32:26 UTC 
CVE-2021-42614:

A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document.

CVE-2021-42613:

A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.

CVE-2021-42612:

A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document.

Emailed the guy at URL to inquire about upstream report(s)/fixes.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-29 16:22:40 UTC 
Dr. Yagemann claims the issues are fixed in 1.3.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-02 03:54:06 UTC 
Thanks! Please cleanup