Summary: | <media-libs/harfbuzz-1.7.2: Use-of-uninitialized-value in OT::RangeRecord::cmp | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | floppym, gnome, kuzetsa, leio, office, polynomial-c |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=843 | ||
Whiteboard: | A3 [noglsa] | ||
Package list: | media-libs/harfbuzz-1.7.2 | ||
Runtime testing required: | --- |
Description
Agostino Sarubbo
2017-06-13 07:08:30 UTC
(In reply to Agostino Sarubbo from comment #0)
> Commit fix: it is unfixed upstream

Is it even reported upstream?

(In reply to Andreas Sturmlechner from comment #2)
> Is it even reported upstream?

I believe so:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1856

https://github.com/harfbuzz/harfbuzz/commit/e5930722d485207ca158612a2b08816337fed7e8

Should be fixed in media-libs/harfbuzz-1.7.2.

*** Bug 640336 has been marked as a duplicate of this bug. ***

sparc stable (thanks to Rolf Eike Beer)

amd64 stable

x86 stable

arm stable

ia64 stable

ppc stable

ppc64 stable

hppa stable

Stable on alpha.

arm64 stable; no glsa voting going on here?

No CVE requested for this by upstream and no PoC available. While it is rated an A3, due to a potential for DoS, I am closing this without a GLSA due to lack of the previously mentioned items.