Summary: | app-text/xpdf: Null pointer dereference (crash) (CVE-2019-17064) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | bircoph |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.cvedetails.com/cve/CVE-2019-17064/ | ||
Whiteboard: | C3 [noglsa cve] | ||
Package list: |
app-text/xpdf-4.02-r2
|
Runtime testing required: | --- |
Description
Sam James
2020-03-01 04:20:47 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ab1a068d867bd08ed5377a7b5a8d9e3ec046b18 commit 6ab1a068d867bd08ed5377a7b5a8d9e3ec046b18 Author: Andrew Savchenko <bircoph@gentoo.org> AuthorDate: 2020-03-01 20:03:46 +0000 Commit: Andrew Savchenko <bircoph@gentoo.org> CommitDate: 2020-03-01 20:06:21 +0000 app-text/xpdf: fix CVE-2019-17064 Fix NULL pointer dereference by initializing field before use. https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890#p42672 Bug: https://bugs.gentoo.org/711146 Package-Manager: Portage-2.3.82, Repoman-2.3.20 Signed-off-by: Andrew Savchenko <bircoph@gentoo.org> app-text/xpdf/files/xpdf-CVE-2019-17064.patch | 24 +++++ app-text/xpdf/xpdf-4.02-r2.ebuild | 141 ++++++++++++++++++++++++++ 2 files changed, 165 insertions(+) Arch teams, please stabilize app-text/xpdf-4.02-r2 containing CVE fix. amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa9c839a6550de397a577a9c6eca092badafe3f5 commit aa9c839a6550de397a577a9c6eca092badafe3f5 Author: Andrew Savchenko <bircoph@gentoo.org> AuthorDate: 2020-03-02 22:31:36 +0000 Commit: Andrew Savchenko <bircoph@gentoo.org> CommitDate: 2020-03-02 22:33:15 +0000 app-text/xpdf: remove old and vulnerable versions Bug: https://bugs.gentoo.org/711146 Package-Manager: Portage-2.3.82, Repoman-2.3.20 Signed-off-by: Andrew Savchenko <bircoph@gentoo.org> app-text/xpdf/xpdf-4.02-r1.ebuild | 140 -------------------------------------- app-text/xpdf/xpdf-4.02.ebuild | 113 ------------------------------ 2 files changed, 253 deletions(-) GLSA Vote: No Thank you all for you work. Closing as [noglsa]. |