Field | Value | Field | Value
---|---|---|---
Summary: | media-libs/lcms: Stack-based buffer overflows in ColorSpace conversion calculator and TIFF compare utility (CVE-2013-4276) | |
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | major | CC: | printing
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=992975 | |
Whiteboard: | A2 [glsa mask] | |
Package list: | | Runtime testing required: | ---
Bug Depends on: | 526642 | |
Bug Blocks: | | |
Description

Agostino Sarubbo
2013-08-05 20:33:52 UTC

*lcms-1.19-r3 (23 Oct 2014)

  23 Oct 2014; Matthias Maier <tamiko@gentoo.org> +files/lcms-1.19-cve-2013-4276.patch, +lcms-1.19-r3.ebuild:
  fix CVE-2013-4276 wrt bug #479874

There is already a STABLEREQ bug report for lcms:0 (vulnerable version 1.9-r2) in bug #525262.

In order to drop all vulnerable versions (lcms-1.19, lcms-1.19-r1, lcms-1.19-r2), version 1.19-r3 has to be stabilized for the following arches: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86

*** Bug 525262 has been marked as a duplicate of this bug. ***

Stable for HPPA.

lcms:0 will be removed from the tree. After talking with the maintainer, we don't need to stabilize here.

This issue was resolved and addressed in GLSA 201412-46 at http://security.gentoo.org/glsa/glsa-201412-46.xml by GLSA coordinator Yury German (BlueKnight).

How can this be resolved with insecure versions of 1.9 still in the tree, and with a critical package (app-emulation/emul-linux-x86-baselibs) actually depending on one of the insecure versions?

(In reply to throw_away_2002 from comment #6)
> How can this be resolved with insecure versions of 1.9 still in the tree,

Masked for removal:

  27 May 2015; Matthias Maier <tamiko@gentoo.org> package.mask:
  mask lcms:0 for removal, bug #526642