Summary: | <dev-java/pdfbox-1.8.15: infinite loop in AFMParser.java allows for out of memory errors via crafted PDF (CVE-2018-8036) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Florian Schuhmacher <mynt1aa> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | java |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://seclists.org/oss-sec/2018/q2/254 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | =dev-java/pdfbox-1.8.15 |
Runtime testing required: | --- |
Deadline: | 2018-09-16 |
Description
Florian Schuhmacher
2018-06-30 07:53:58 UTC
Fixed in version 1.8.15, https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12343070

@maintainer(s): anyone considering bulk stabilization for dev-java/* to handle the mounting security bugs? Just asking... as several are still unconfirmed yet fixes are available for later versions.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=912353d609d58ac29c5d9aa2f39259dcaebd2d2a

commit 912353d609d58ac29c5d9aa2f39259dcaebd2d2a
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-09-11 12:17:28 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-09-11 12:17:28 +0000

    dev-java/pdfbox: bump to v1.8.15

    Bug: https://bugs.gentoo.org/659648
    Package-Manager: Portage-2.3.49, Repoman-2.3.10

 dev-java/pdfbox/Manifest | 1 +
 dev-java/pdfbox/pdfbox-1.8.15.ebuild | 78 ++++++++++++++++++++++++++++++++++++
 2 files changed, 79 insertions(+)

@arches, please stabilize.

amd64 stable

x86 stable

Looking good on ppc64.

# cat pdfbox-659648.report
USE tests started on Fr 7. Dez 23:42:39 CET 2018
FEATURES=' test' USE='' succeeded for =dev-java/pdfbox-1.8.15
USE='-doc -source' succeeded for =dev-java/pdfbox-1.8.15
USE='doc -source' succeeded for =dev-java/pdfbox-1.8.15
USE='-doc source' succeeded for =dev-java/pdfbox-1.8.15
USE='doc source' succeeded for =dev-java/pdfbox-1.8.15
revdep tests started on Sa 8. Dez 00:03:04 CET 2018
FEATURES=' test' USE='' succeeded for dev-tex/pdfannotextractor

ppc64 stable

@maintainer, please clean.

tree is clean