Summary: | <media-gfx/optipng-0.7.6-r2: Global buffer overflow (CVE-2017-16938) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | sping |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa cve cleanup] | ||
Package list: |
=media-gfx/optipng-0.7.6-r2
|
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
![]() @Maintainer please let us know if we are affected. Call for stabilization when ready if that's the case. Thank you. commit 0da7381ee3668b7d015fc4082a001dcda0b94707 Author: Sebastian Pipping <sping@g.o> Date: Mon Dec 4 20:37:28 2017 +0100 media-gfx/optipng: CVE-2017-16938 Package-Manager: Portage-2.3.16, Repoman-2.3.6 .../files/optipng-0.7.6-cve-2017-16938.patch | 22 ++++++++ media-gfx/optipng/optipng-0.7.6-r2.ebuild | 59 ++++++++++++++++++++++ 2 files changed, 81 insertions(+) [1]+ Done meld optipng-0.7.6-r{1,2}.ebuild https://github.com/gentoo/gentoo/commit/0da7381ee3668b7d015fc4082a001dcda0b94707 (In reply to Christopher Díaz Riveros from comment #1) > @Maintainer please let us know if we are affected. Proof of concept file segfaults on amd64, no more crash with upstream patch. Applied in Gentoo now. (In reply to Christopher Díaz Riveros from comment #1) > Call for stabilization when ready if that's the case. Adding targets: amd64 ppc64 ppc x86 # eshowkw Keywords for media-gfx/optipng: | | u | | a a p a n r s | n | | l m h i p r m m i i s p | e u s | r | p d a p a p c x m i 6 o s 3 a | a s l | e | h 6 r p 6 p 6 8 6 p 8 s c 9 s r | p e o | p | a 4 m a 4 c 4 6 4 s k 2 v 0 h c | i d t | o ------------+---------------------------------+-------+------- 0.7.6-r1 | ~ + ~ o o + + + o o o o o o o o | 4 o 0 | gentoo [I]0.7.6-r2 | ~ ~ ~ o o ~ ~ ~ o o o o o o o o | 6 o | gentoo x86 stable ppc/ppc64 stable Added to an existing GLSA. amd64 stable. Maintainer(s), please cleanup. (In reply to Agostino Sarubbo from comment #6) > Maintainer(s), please cleanup. commit f836c9c5676d9d55c4082ac0343122755ccdf9d9 Author: Sebastian Pipping <sping@g.o> Date: Wed Jan 3 20:36:06 2018 +0100 media-gfx/optipng: Remove 0.7.6-r1 (bug 639690) Package-Manager: Portage-2.3.16, Repoman-2.3.6 media-gfx/optipng/optipng-0.7.6-r1.ebuild | 56 ------------------------------- 1 file changed, 56 deletions(-) https://github.com/gentoo/gentoo/commit/f836c9c5676d9d55c4082ac0343122755ccdf9d9 This issue was resolved and addressed in GLSA 201801-02 at https://security.gentoo.org/glsa/201801-02 by GLSA coordinator Aaron Bauman (b-man). |