Summary: | <app-text/mupdf-1.10a: use-after-free (CVE-2016-6265) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | xmw |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2016/07/21/5 | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: | =app-text/mupdf-1.10a<br>=dev-lang/mujs-0_p20161202 arm ppc<br>=app-text/llpp-23 amd64 ppc x86 | ||
Runtime testing required: | --- |
Description
Agostino Sarubbo
2016-07-27 09:30:38 UTC
There's a fix upstream for three months now.

CVE-2016-6265 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6265): Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

Fixed in version 1.10 upstream.

Version containing fixes (1.10a) is in tree now.

commit 290927105365ff1f2374f383d7135ecf17f41cb1
Author: Michael Weber <xmw@gentoo.org>
Date: Mon Jan 23 01:31:02 2017 +0100

app-text/mupdf: Version bump (https://github.com/gentoo/gentoo/pull/3108, thanks charIes17).

Package-Manager: Portage-2.3.3, Repoman-2.3.1

amd64 stable

x86 stable

Stable for HPPA PPC64.

ppc stable

@arm: ping! Users are getting edgy, https://github.com/gentoo/gentoo/pull/3727

arm stable, all arches done.

commit 2af6b2174d988ef90e8178a6c13839d33af70f35
Author: Michael Weber <xmw@gentoo.org>
Date: Sun Feb 5 18:24:55 2017 +0100

app-text/mupdf: Remove old versions (bug 600674, 590480, 589826).

Package-Manager: Portage-2.3.3, Repoman-2.3.1

added to GLSA.

This issue was resolved and addressed in GLSA 201702-12 at https://security.gentoo.org/glsa/201702-12 by GLSA coordinator Thomas Deutschmann (whissi).