Summary: | <app-text/mupdf-1.11-r1: mujstest: stack-based buffer overflow in main (jstest_main.c) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | xmw |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://blogs.gentoo.org/ago/2017/02/17/mupdf-mujstest-stack-based-buffer-overflow-in-main-jstest_main-c/ | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | =app-text/mupdf-1.11-r1 amd64 arm hppa ppc ppc64 x86<br>=app-text/llpp-26b amd64 ppc x86 |
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 614852 |
Description
Agostino Sarubbo
2017-03-27 09:39:01 UTC
CVE ID: CVE-2017-6060
Summary: Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.
Published: 2017-03-15T14:59:00.000Z

commit d08384446c68c67ba03615b921f35b7d4929580d
Author: Michael Weber <xmw@gentoo.org>
Date: Mon May 8 15:23:42 2017 +0200

app-text/mupdf: Revbump for security patch (bug 614044).

Package-Manager: Portage-2.3.5, Repoman-2.3.2

app-text/mupdf/files/mupdf-1.11-CVE-2017-6060.patch
app-text/mupdf/mupdf-1.11-r1.ebuild

@arches: please stabilize.

Stable for HPPA.

amd64 stable

x86 stable

arm stable

ppc ppc64 stable, all arches done.

commit 8e97b8c1e02d7b8313779001d2dcd8b10f691f18
Author: Michael Weber <xmw@gentoo.org>
Date: Sun May 14 00:45:46 2017 +0200

app-text/mupdf: Remove security affected versions (bug 614044).

Package-Manager: Portage-2.3.5, Repoman-2.3.2

app-text/mupdf/Manifest
app-text/mupdf/files/mupdf-1.10a-Makerules-openssl-curl.patch
app-text/mupdf/files/mupdf-1.10a-heap-overflow.patch
app-text/mupdf/files/mupdf-1.10a-null-pointer-2.patch
app-text/mupdf/files/mupdf-1.10a-null-pointer.patch
app-text/mupdf/files/mupdf-1.8-system-glfw.patch
app-text/mupdf/files/mupdf-1.9a-CFLAGS.patch
app-text/mupdf/mupdf-1.10a-r2.ebuild
app-text/mupdf/mupdf-1.11.ebuild

This issue was resolved and addressed in GLSA 201706-08 at https://security.gentoo.org/glsa/201706-08 by GLSA coordinator Thomas Deutschmann (whissi).