Summary: | <media-libs/jbig2dec-0.13: heap-based buffer overflow in jbig2_decode_symbol_dict() | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | Flags: | stable-bot:
sanity-check+
|
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1208075 | ||
Whiteboard: | B2 [glsa] | ||
Package list: |
=media-libs/jbig2dec-0.13
|
Runtime testing required: | No |
Bug Depends on: | 607188 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2015-04-01 14:16:21 UTC
Pull request for new version fixing this issue: https://github.com/gentoo/gentoo/pull/2436 FTR I'm hesitating on how to proceed here, since jbig2dec-0.11 is GPL-3, but jbig2dec-0.13 is AGPL-3+. Ah well let's just do it. Arches please stabilize, target: all stable arches =media-libs/jbig2dec-0.13 amd64 stable Stable for HPPA. x86 stable ia64 stable Arches please proceed in bug 607188 Vulnerable versions removed Nothing to do for graphics here anymore. This issue was resolved and addressed in GLSA 201706-24 at https://security.gentoo.org/glsa/201706-24 by GLSA coordinator Kristian Fiskerstrand (K_F). |