Summary: | <media-libs/libsixel-1.8.6: multiple vulnerabilities (CVE-2019-{3573,11024}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | hattya, ovi |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/saitoha/libsixel/issues/82 | ||
See Also: | https://github.com/gentoo/gentoo/pull/14790 https://bugs.gentoo.org/show_bug.cgi?id=717254 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
D'juan McDonald (domhnall)
2019-01-05 17:22:45 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e37bb40b1098f42fafccb6ebd8fcd4534290b942

commit e37bb40b1098f42fafccb6ebd8fcd4534290b942
Author: Ovidiu-Dan Bogat <4z0r@ovidiu.at>
AuthorDate: 2020-02-27 11:40:45 +0000
Commit: Akinori Hattori <hattya@gentoo.org>
CommitDate: 2020-03-01 02:01:06 +0000

    media-libs/libsixel: version bump to 1.8.6

    Reported-by: D'juan McDonald <flopwiki@gmail.com>
    Bug: https://bugs.gentoo.org/674620
    Closes: https://github.com/gentoo/gentoo/pull/14790
    Package-Manager: Portage-2.3.84, Repoman-2.3.20
    Signed-off-by: Ovidiu-Dan Bogat <4z0r@ovidiu.at>
    Signed-off-by: Akinori Hattori <hattya@gentoo.org>

 media-libs/libsixel/Manifest | 1 +
 media-libs/libsixel/libsixel-1.8.6.ebuild | 49 +++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+)

@maintainer(s): please advise if you are ready for stabilisation or call for stabilisation yourself.

(In reply to Sam James (sec padawan) from comment #2)
> @maintainer(s): please advise if you are ready for stabilisation or call for
> stabilisation yourself.

ping.

CVE-2019-11024 (https://nvd.nist.gov/vuln/detail/CVE-2019-11024):

The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87827fc8f7223dbb4f3f09e488131c5f54e4f136

commit 87827fc8f7223dbb4f3f09e488131c5f54e4f136
Author: Akinori Hattori <hattya@gentoo.org>
AuthorDate: 2020-04-30 12:58:41 +0000
Commit: Akinori Hattori <hattya@gentoo.org>
CommitDate: 2020-04-30 12:58:41 +0000

    media-libs/libsixel: drop old

    Bug: https://bugs.gentoo.org/674620
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Akinori Hattori <hattya@gentoo.org>

 media-libs/libsixel/Manifest | 2 --
 media-libs/libsixel/libsixel-1.8.1.ebuild | 49 -------------------------------
 media-libs/libsixel/libsixel-1.8.2.ebuild | 49 -------------------------------
 3 files changed, 100 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a944c1ab5e6137f9fc99b37ede3d5049f9dbe729

commit a944c1ab5e6137f9fc99b37ede3d5049f9dbe729
Author: Akinori Hattori <hattya@gentoo.org>
AuthorDate: 2020-04-30 12:54:11 +0000
Commit: Akinori Hattori <hattya@gentoo.org>
CommitDate: 2020-04-30 12:54:11 +0000

    media-libs/libsixel: amd64/x86 stable

    Bug: https://bugs.gentoo.org/674620
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Akinori Hattori <hattya@gentoo.org>

 media-libs/libsixel/libsixel-1.8.6.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Thanks!