
Bug 614852 (CVE-2016-10221)

Summary: <app-text/mupdf-1.11: count_entries function in pdf-layer.c allows stack consumption
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: xmw
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugs.ghostscript.com/show_bug.cgi?id=697400
Whiteboard: B3 [glsa cve]
Package list:
=app-text/mupdf-1.11 amd64 arm hppa ppc ppc64 x86
=app-text/llpp-26b amd64 ppc x86
Runtime testing required: ---
Bug Depends on: 614044, 616826, 617522    
Bug Blocks:    

Description Agostino Sarubbo gentoo-dev 2017-04-06 15:28:54 UTC
From ${URL} :

The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF allows attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document. 

Upstream bug:

https://bugs.ghostscript.com/show_bug.cgi?id=697400


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Michael Weber (RETIRED) gentoo-dev 2017-04-07 22:50:14 UTC
Let's wait for some reaction from upstream. 1.11-rc1 was tagged a week ago.
Comment 2 Michael Weber (RETIRED) gentoo-dev 2017-04-28 09:35:42 UTC
The version bump includes the upstream patch mentioned on upstream's bug tracker.

commit 7e51c0aae90d1611ff7674963a0e3989e6124e5d
Author: Michael Weber <xmw@gentoo.org>
Date:   Fri Apr 28 11:33:04 2017 +0200

    app-text/mupdf: Version bump (bug 616652), make mupdf-gl default if available (bug 616654), thanks Massimo Burcheri.
    
    Package-Manager: Portage-2.3.5, Repoman-2.3.2

app-text/mupdf/Manifest
app-text/mupdf/files/mupdf-1.11-CFLAGS.patch
app-text/mupdf/files/mupdf-1.11-openssl-curl-x11.patch
app-text/mupdf/files/mupdf-1.11-system-glfw.patch
app-text/mupdf/mupdf-1.11.ebuild
Comment 3 Yury German Gentoo Infrastructure gentoo-dev Security 2017-04-28 20:57:46 UTC
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.
Comment 4 Michael Weber (RETIRED) gentoo-dev 2017-04-28 21:08:25 UTC
Let's figure out bug 616826, first.
Comment 5 Yury German Gentoo Infrastructure gentoo-dev Security 2017-04-29 16:05:45 UTC
With the dependency closed are we ready for stabilization?
Comment 6 Michael Weber (RETIRED) gentoo-dev 2017-05-04 19:54:51 UTC
(In reply to Yury German from comment #5)
> With the dependency closed are we ready for stabilization?

Yes, please!
Comment 7 Stabilization helper bot gentoo-dev 2017-05-04 20:01:06 UTC
An automated check of this bug failed - repoman reported dependency errors (43 lines truncated): 

> dependency.bad app-text/mupdf/mupdf-1.11.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=media-libs/glfw-3.2']
> dependency.bad app-text/mupdf/mupdf-1.11.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=media-libs/glfw-3.2']
> dependency.bad app-text/mupdf/mupdf-1.11.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=media-libs/glfw-3.2']
Comment 8 Stabilization helper bot gentoo-dev 2017-05-04 21:01:28 UTC
An automated check of this bug failed - repoman reported dependency errors (43 lines truncated): 

> dependency.bad app-text/mupdf/mupdf-1.11.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=media-libs/glfw-3.2']
> dependency.bad app-text/mupdf/mupdf-1.11.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=media-libs/glfw-3.2']
> dependency.bad app-text/mupdf/mupdf-1.11.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=media-libs/glfw-3.2']
Comment 9 Jeroen Roovers gentoo-dev 2017-05-06 10:11:26 UTC
Stable for HPPA.
Comment 10 Stabilization helper bot gentoo-dev 2017-05-06 11:01:25 UTC
An automated check of this bug succeeded - the previous repoman errors are now resolved.
Comment 11 Agostino Sarubbo gentoo-dev 2017-05-06 13:26:57 UTC
amd64 stable
Comment 12 Agostino Sarubbo gentoo-dev 2017-05-07 10:36:58 UTC
x86 stable
Comment 13 Michael Weber (RETIRED) gentoo-dev 2017-05-08 13:28:16 UTC
New stabilization request in 614044, remove remaining arches.
Comment 14 Thomas Deutschmann gentoo-dev Security 2017-06-03 23:55:15 UTC
Added to an existing GLSA.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2017-06-06 08:58:46 UTC
This issue was resolved and addressed in
 GLSA 201706-08 at https://security.gentoo.org/glsa/201706-08
by GLSA coordinator Thomas Deutschmann (whissi).