Summary: | <net-print/cups-filters-1.0.71: Incorrect fix for heap-based buffer overflow (CVE-2015-3279) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | printing |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://seclists.org/oss-sec/2015/q3/18 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | | Runtime testing required: | --- |
Description
Kristian Fiskerstrand (RETIRED)
+*cups-filters-1.0.71 (03 Jul 2015) + + 03 Jul 2015; Andreas K. Huettel <dilfridge@gentoo.org> + +cups-filters-1.0.71.ebuild: + Version bump, bug 553836 +

Arches please stabilize net-print/cups-filters-1.0.71 Target: all stable arches

Stable for HPPA PPC64.

Stable on alpha.

amd64 stable

arm stable

stable for ppc.

x86 stable

CVE-2015-3279 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3279): Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.

ia64 stable

sparc stable.

Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

Maintainer(s), thank you for cleanup. Added to an existing GLSA Request. Maintainer(s), please drop the vulnerable version(s).

Cleanup done.

This issue was resolved and addressed in GLSA 201510-08 at https://security.gentoo.org/glsa/201510-08 by GLSA coordinator Kristian Fiskerstrand (K_F).