Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 605554

Summary: <dev-lang/mujs-1.0.4: null pointer dereference and Heap buffer overflow write
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: slawomir.nizio, vdupras, xmw
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.openwall.com/lists/oss-security/2017/01/12/9
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2017-01-13 09:17:31 UTC 
From ${URL} :

1. Null pointer dereference in regexp.c

    The return value from malloc is not properly checked before dereferencing it which can result in a crash.

     More details on the bug in the bug report at:
     https://bugs.ghostscript.com/show_bug.cgi?id=697381

     This has been fixed by the MUJS team in the commit:
http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c73156496e569

2. Heap buffer overflow write in jsrun.c: js_stackoverflow()

    There was a logical error in the code which can be used to trigger a heap overflow write.

    More details on the bug in the bug report at:
    https://bugs.ghostscript.com/show_bug.cgi?id=697401

    The same has been fixed by the MUJS team in the commit:
http://git.ghostscript.com/?p=mujs.git;a=commit;h=77ab465f1c394bb77f00966cd950650f3f53cb24



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Larry the Git Cow gentoo-dev 2018-10-07 02:15:28 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63926daea9a8a9b4e5e6f49b5159b5cdd6dd39b7

commit 63926daea9a8a9b4e5e6f49b5159b5cdd6dd39b7
Author:     Virgil Dupras <vdupras@gentoo.org>
AuthorDate: 2018-10-07 02:13:03 +0000
Commit:     Virgil Dupras <vdupras@gentoo.org>
CommitDate: 2018-10-07 02:13:03 +0000

    dev-lang/mujs: bump to 1.0.4
    
    Bug: https://bugs.gentoo.org/605554
    Bug: https://bugs.gentoo.org/646784
    Signed-off-by: Virgil Dupras <vdupras@gentoo.org>
    Package-Manager: Portage-2.3.50, Repoman-2.3.11

 dev-lang/mujs/Manifest                      |  1 +
 dev-lang/mujs/files/mujs-1.0.4-gentoo.patch | 23 ++++++++++++++++
 dev-lang/mujs/mujs-1.0.4.ebuild             | 42 +++++++++++++++++++++++++++++
 3 files changed, 66 insertions(+)
Comment 2 Virgil Dupras (RETIRED) gentoo-dev 2018-11-26 02:25:19 UTC 
When I bumped and cleaned in october, I didn't touch this bug, expecting it to follow bug 646784, but it didn't. Updating whiteboard. Cleanup has already been made.