Summary: | <app-text/mupdf-1.10a-r2: NULL pointer dereference | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Ian Zimmerman <nobrowser> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | xmw |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://git.ghostscript.com/?p=mupdf.git;a=commit;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465 | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: |
=app-text/mupdf-1.10a-r2
|
Runtime testing required: | --- |
Description
Ian Zimmerman
2017-03-03 00:38:45 UTC
CVE-2017-5991 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5991): An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. I don't see this one handled along with bug 608702 or bug 608712 nor immediately recognize patch in files, so setting [upstream/ebuild] for now commit 8231bc27f9ef5caa6f21b3601047797c432adb7c Author: Michael Weber <xmw@gentoo.org> Date: Mon Mar 6 23:12:21 2017 +0100 app-text/mupdf: Revbump with patch for CVE-2017-5991. Package-Manager: Portage-2.3.4, Repoman-2.3.2 app-text/mupdf/files/mupdf-1.10a-null-pointer-2.patch app-text/mupdf/mupdf-1.10a-r2.ebuild (In reply to Michael Weber from comment #3) > commit 8231bc27f9ef5caa6f21b3601047797c432adb7c > Author: Michael Weber <xmw@gentoo.org> > Date: Mon Mar 6 23:12:21 2017 +0100 > > app-text/mupdf: Revbump with patch for CVE-2017-5991. > > Package-Manager: Portage-2.3.4, Repoman-2.3.2 > > app-text/mupdf/files/mupdf-1.10a-null-pointer-2.patch > app-text/mupdf/mupdf-1.10a-r2.ebuild Thank you for bumping :) Please call for stabilization once comfortable with its stability @arches: go ahead please. Stable for HPPA. amd64 stable x86 stable Tree is clean. commit 4f904b100300943c22586e4844d65e813c79e95e Author: Michael Weber <xmw@gentoo.org> Date: Fri Mar 10 13:29:34 2017 +0100 app-text/mupdf: Remove old version (bug 611444). Package-Manager: Portage-2.3.4, Repoman-2.3.2 app-text/mupdf/mupdf-1.10a-r1.ebuild commit 393c97a056216f7a4be689dccaeb1939a26bda25 Author: Michael Weber <xmw@gentoo.org> Date: Fri Mar 10 13:28:40 2017 +0100 app-text/mupdf: arm ppc ppc64 stable (bug 611444). Package-Manager: Portage-2.3.4, Repoman-2.3.2 app-text/mupdf/mupdf-1.10a-r2.ebuild GLSA Vote: No Thank you all for you work. Closing as [noglsa]. Because we have to do one GLSA for bug 614044 I'll add this one to the same advisory. This issue was resolved and addressed in GLSA 201706-08 at https://security.gentoo.org/glsa/201706-08 by GLSA coordinator Thomas Deutschmann (whissi). |