| Summary: | <media-gfx/potrace-1.15: heap-based buffer over-read (CVE-2017-12067) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Aleksandr Wagner (Kivak) <alwag> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | fonts, graphics+disabled |
| Priority: | Normal | Flags: | stable-bot: sanity-check+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B3 [noglsa cve] | | |
| Package list: | =media-gfx/potrace-1.15 | | |
| Runtime testing required: | --- | | |
| Bug Depends on: | | | |
| Bug Blocks: | 610062, 614056 | | |
Description
Aleksandr Wagner (Kivak)
2017-08-01 17:49:22 UTC
Version 1.15 is now in the tree.

Keywords for media-gfx/potrace:

```
     |                                 |   u   |
     | a a         p   a     n r     s |   n   |
     | l m   h i   p   r m m i i s   p | e u s | r
     | p d a p a p c x m i 6 o s 3   a | a s l | e
     | h 6 r p 6 p 6 8 6 p 8 s c 9 s r | p e o | p
     | a 4 m a 4 c 4 6 4 s k 2 v 0 h c | i d t | o
-----+---------------------------------+-------+-------
1.13 | + + + + + + + + o o o o o ~ ~ + | 5 o 0 | gentoo
1.14 | + + + ~ + + + + ~ o o o o ~ ~ + | 5 o   | gentoo
1.15 | ~ ~ ~ ~ ~ ~ ~ ~ ~ o o o o ~ ~ ~ | 6 o   | gentoo
```

@Maintainer(s): Please state when version 1.15 is ready for stabilization, thank you.

x86 stable

Stable on amd64

ia64 stable

ppc/ppc64 stable

Stable on alpha.

arm stable

hppa stable

Stabilization has been complete, thank you arches.

@Maintainer(s): Please clean the vulnerable versions from the tree.

PoC [1] shows crash (DoS). No PoC for ACE/RCE.

[1]: https://github.com/hackerlib/hackerlib-vul/tree/master/potrace/heap-buffer-overflow-mkbitmap

GLSA Vote: No

@maintainer(s), please clean the vulnerable versions.

(In reply to Aaron Bauman from comment #11)
> @maintainer(s), please clean the vulnerable versions.

To ensure it is not missed... sparc has two stable versions with the vulnerable ebuilds, but is now an unstable arch. So the maintainer is left with the decision.

@Maintainers it's been over 4 months since all arches are done, I'm CCing sparc to let them know that they need to stabilize, but if they don't respond quickly, please finish cleanup. Thank you,

commit cc1662e218a1e2f6941e6e07ff325f0bcb12438d
Author: Rolf Eike Beer <eike@sf-mail.de>
Date: Thu Mar 22 18:10:36 2018 +0100

    media-gfx/potrace: stable 1.15 for sparc, bug #626820

tree is clean