| Field | Value |
|---|---|
| Summary | <app-text/qpdf-7.0.0: multiple infinite loop |
| Product | Gentoo Security |
| Component | Vulnerabilities |
| Reporter | Agostino Sarubbo <ago> |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | minor |
| Priority | Normal |
| CC | printing, weigt.mathias |
| Flags | stable-bot: sanity-check+ |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Whiteboard | B3 [noglsa cve] |
| Package list | app-text/qpdf-7.0.0 |
| Runtime testing required | --- |
| Bug Depends on | 646366 |
| Bug Blocks | 629116, 641340 |

Description
Agostino Sarubbo
2017-07-28 15:01:49 UTC
Created attachment 498598 [details]
QPDF Vulnerability Tests
@Maintainer(s):
The newest version 7.0.0 fixes these bugs. I tested these vulnerabilities with version 5.1.1-r1, and the version appears to be affected. You may view this in the attachment. Please advise on how you would like to proceed.

Adding CVE-2017-9208, CVE-2017-9209, CVE-2017-9210 to the list of infinite loops

@ Maintainer(s): Please state if you are ready for stabilization.

amd64 stable

Looking good on ppc.

# cat qpdf-626446.report
USE tests started on Sa 20. Jan 19:57:43 CET 2018
USE='-doc -examples -perl -static-libs' succeeded for =app-text/qpdf-7.0.0
USE='doc -examples -perl -static-libs' succeeded for =app-text/qpdf-7.0.0
USE='-doc examples -perl -static-libs' succeeded for =app-text/qpdf-7.0.0
USE='doc examples -perl -static-libs' succeeded for =app-text/qpdf-7.0.0
USE='-doc examples perl -static-libs' succeeded for =app-text/qpdf-7.0.0
USE='doc examples perl -static-libs' succeeded for =app-text/qpdf-7.0.0
USE='-doc -examples -perl static-libs' succeeded for =app-text/qpdf-7.0.0
USE='doc -examples -perl static-libs' succeeded for =app-text/qpdf-7.0.0
USE='doc examples -perl static-libs' succeeded for =app-text/qpdf-7.0.0
USE='-doc -examples perl static-libs' succeeded for =app-text/qpdf-7.0.0
USE='-doc examples perl static-libs' succeeded for =app-text/qpdf-7.0.0
USE='doc examples perl static-libs' succeeded for =app-text/qpdf-7.0.0
FEATURES= test succeeded for =app-text/qpdf-7.0.0
revdep tests started on Sa 20. Jan 22:35:02 CET 2018
FEATURES= test USE='pclm' succeeded for net-print/cups-filters

ppc stable (thanks to ernsteiswuerfel)

Adding my email to track. qpdf-7.0.0 and 7.1.0 cause cups-filters to not build on my stable machine. Falling back to the qpdf-5 version works. Will wait for this to be solved before posting another bug report.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=caf493509f53379aa0066c30f5197d7a8017f414

commit caf493509f53379aa0066c30f5197d7a8017f414
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-01-21 19:33:08 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-01-21 20:27:46 +0000

app-text/qpdf: x86 stable

Bug: https://bugs.gentoo.org/626446
Package-Manager: Portage-2.3.19, Repoman-2.3.6

app-text/qpdf/qpdf-7.0.0.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

sparc stable (thanks to Rolf Eike Beer)

Stable on alpha.

ia64 stable

commit 3f096c35bf4beeb405bfa6673b5cb2734e40efc9
Author: Rolf Eike Beer <eike@sf-mail.de>
Date: Tue Feb 6 18:20:59 2018 +0100

app-text/qpdf: stable 7.0.0 for hppa, bug #626446

there is no stable qpdf on arm64 right now and nothing stable revdeps on it yet/anymore, unCCing

ppc64 stable

arm stable, all arches done.

@Maintainers please remove vulnerable versions.

GLSA Vote: No. Thank you

cleanup will be tracked in bug #647776