Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 847985 (CVE-2021-42612, CVE-2021-42613, CVE-2021-42614) - <app-text/halibut-1.3: multiple vulnerabilities
Summary: <app-text/halibut-1.3: multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2021-42612, CVE-2021-42613, CVE-2021-42614
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://carteryagemann.com/halibut-ca...
Whiteboard: B3 [glsa?]
Keywords:
Depends on: 848528
Blocks:
  Show dependency tree
 
Reported: 2022-05-28 22:32 UTC by John Helmert III
Modified: 2024-01-13 14:05 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-28 22:32:26 UTC
CVE-2021-42614:

A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document.

CVE-2021-42613:

A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.

CVE-2021-42612:

A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document.

Emailed the guy at URL to inquire about upstream report(s)/fixes.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-29 16:22:40 UTC
Dr. Yagemann claims the issues are fixed in 1.3.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-02 03:54:06 UTC
Thanks! Please cleanup