Summary: | <media-libs/jbig2dec-0.13-r4 : multiple integer overflow | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | graphics+disabled, printing, slyfox |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A2 [glsa cve] | ||
Package list: |
media-libs/jbig2dec-0.13-r4
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 620202 |
Description
Agostino Sarubbo
2017-04-24 11:35:47 UTC
Upstream fixes: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15 http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e57e483298dae8b http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ed6c5133a1004ce8d Patched in our -r3. (In reply to Andreas K. Hüttel from comment #2) > Patched in our -r3. Nope, there was a stray # in the ebuild. Patched in our -r4. Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself. Please stabilize media-libs/jbig2dec-0.13-r4 (all stable arches) x86 stable amd64 stable Stable on alpha. ppc stable ppc64 stable arm stable ia64 stable sparc stable Arches or maintainers please stabilize for hppa ASAP. Security will release GLSA for this in 7 days with or without hppa arch being stable. This issue was resolved and addressed in GLSA 201708-10 at https://security.gentoo.org/glsa/201708-10 by GLSA coordinator Aaron Bauman (b-man). @maintainer(s), reopening for cleanup. HPPA is still pending stable as well. Please drop vulnerable versions from the tree. If you so choose, please drop hppa support during cleanup. Slyfox, this is holding up a security bug. Please stabilize or drop from stable keywords for hppa. hppa stable Thank you all, Closing as GLSA was already released. Gentoo Security Padawan ChrisADR |