Summary: | <app-text/mupdf-1.11: count_entries function in pdf-layer.c allows stack consumption | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | xmw |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.ghostscript.com/show_bug.cgi?id=697400 | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: |
=app-text/mupdf-1.11 amd64 arm hppa ppc ppc64 x86
=app-text/llpp-26b amd64 ppc x86
|
Runtime testing required: | --- |
Bug Depends on: | 614044, 616826, 617522 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2017-04-06 15:28:54 UTC
Lets wait for some reaction from upstream. 1.11-rc1 was tagged a week ago. The version bump includes the upstream patch mentioned on upstreams bugtracker. commit 7e51c0aae90d1611ff7674963a0e3989e6124e5d Author: Michael Weber <xmw@gentoo.org> Date: Fri Apr 28 11:33:04 2017 +0200 app-text/mupdf: Version bump (bug 616652), make mupdf-gl default if available (bug 616654), thanks Massimo Burcheri. Package-Manager: Portage-2.3.5, Repoman-2.3.2 app-text/mupdf/Manifest app-text/mupdf/files/mupdf-1.11-CFLAGS.patch app-text/mupdf/files/mupdf-1.11-openssl-curl-x11.patch app-text/mupdf/files/mupdf-1.11-system-glfw.patch app-text/mupdf/mupdf-1.11.ebuild Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself. Let's figure out bug 616826, first. With the dependency closed are we ready for stabilization? (In reply to Yury German from comment #5) > With the dependency closed are we ready for stabilization? Yes, please! An automated check of this bug failed - repoman reported dependency errors (43 lines truncated):
> dependency.bad app-text/mupdf/mupdf-1.11.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=media-libs/glfw-3.2']
> dependency.bad app-text/mupdf/mupdf-1.11.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=media-libs/glfw-3.2']
> dependency.bad app-text/mupdf/mupdf-1.11.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=media-libs/glfw-3.2']
An automated check of this bug failed - repoman reported dependency errors (43 lines truncated):
> dependency.bad app-text/mupdf/mupdf-1.11.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=media-libs/glfw-3.2']
> dependency.bad app-text/mupdf/mupdf-1.11.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=media-libs/glfw-3.2']
> dependency.bad app-text/mupdf/mupdf-1.11.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=media-libs/glfw-3.2']
Stable for HPPA. An automated check of this bug succeeded - the previous repoman errors are now resolved. amd64 stable x86 stable New stabilization request in 614044, remove remaining arches. Added to an existing GLSA. This issue was resolved and addressed in GLSA 201706-08 at https://security.gentoo.org/glsa/201706-08 by GLSA coordinator Thomas Deutschmann (whissi). |