Summary: | <media-libs/giflib-5.2.1-r1: divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c (CVE-2019-15133) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | asturm, graphics+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13008#c6 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
media-libs/giflib-5.2.1-r1
|
Runtime testing required: | --- |
Bug Depends on: | 711908 | ||
Bug Blocks: |
Description
Sam James
2020-03-02 01:54:16 UTC
*** Bug 707326 has been marked as a duplicate of this bug. *** Arches please stabilise. x86 stable sparc stable arm stable ppc stable amd64 stable ia64 stable ppc64 stable arm64 stable hppa stable Thanks arches. @maintainer(s), please cleanup the vulnerable ebuild(s). Unfortunately cleanup is blocked by dotnet. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5eac496a50b7aeb6e2d156658348ac8cfb505bf commit d5eac496a50b7aeb6e2d156658348ac8cfb505bf Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-03-25 20:55:03 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-25 20:55:13 +0000 media-libs/giflib: security cleanup (bug #711272) Bug: https://bugs.gentoo.org/711272 Package-Manager: Portage-2.3.94, Repoman-2.3.21 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> media-libs/giflib/Manifest | 1 - media-libs/giflib/giflib-5.1.4.ebuild | 65 ----------------------------------- 2 files changed, 66 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f63de241ae62ab576ec6c388d7e00879b59c51e8 commit f63de241ae62ab576ec6c388d7e00879b59c51e8 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-03-25 20:54:21 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-25 20:55:12 +0000 media-libs/giflib: mark s390 stable (bug #711272) Bug: https://bugs.gentoo.org/711272 Package-Manager: Portage-2.3.94, Repoman-2.3.21 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> media-libs/giflib/giflib-5.2.1-r1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) GLSA Vote: No Repository is clean, all done! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1fa78949e3a48ee281bb462f705debf31b34ac80 commit 1fa78949e3a48ee281bb462f705debf31b34ac80 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-03-25 21:29:04 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-25 21:30:10 +0000 Revert "media-libs/giflib: security cleanup (bug #711272)" This reverts commit d5eac496a50b7aeb6e2d156658348ac8cfb505bf. Bug: https://bugs.gentoo.org/711272 Bug: https://bugs.gentoo.org/711908 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> media-libs/giflib/Manifest | 1 + media-libs/giflib/giflib-5.1.4.ebuild | 65 +++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) Re-opening for cleanup :( Reminder - Maintainer(s), please drop the vulnerable version(s). (In reply to Andreas Sturmlechner from comment #13) > Unfortunately cleanup is blocked by dotnet. Resetting sanity check; keywords are not fully specified and arches are not CC-ed. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4abb3090b49ca462949138c0aeed3387a1473f56 commit 4abb3090b49ca462949138c0aeed3387a1473f56 Author: David Seifert <soap@gentoo.org> AuthorDate: 2020-05-16 21:27:09 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2020-05-16 21:27:09 +0000 media-libs/giflib: Remove old Bug: https://bugs.gentoo.org/711272 Closes: https://github.com/gentoo/gentoo/pull/15835 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: David Seifert <soap@gentoo.org> media-libs/giflib/Manifest | 1 - media-libs/giflib/giflib-5.1.4.ebuild | 65 ----------------------------------- 2 files changed, 66 deletions(-) Thanks! |