Summary: | <media-libs/libwebp-0.2.1: integer overflow (CVE-2012-5127) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Mike Gilbert <floppym> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | chromium, graphics+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=442096 | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Mike Gilbert
I'll have to verify that 0.2.1 contains the fix. Release notes do mention _some_ security fixes. Not sure why upstream is not more precise.

0.2.1 in Portage

CVE-2012-5127 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127): Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image.

Arch teams, please test and mark stable: =media-libs/libwebp-0.2.1
Stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 x86

amd64 stable

Stable for HPPA.

stable arm ppc ppc64 x86 done.

alpha/ia64 stable

Thanks, everyone. New GLSA request filed.

This issue was resolved and addressed in GLSA 201312-08 at http://security.gentoo.org/glsa/glsa-201312-08.xml by GLSA coordinator Sergey Popov (pinkbyte).