
Bug 722516 (CVE-2020-11863, CVE-2020-11864, CVE-2020-11865, CVE-2020-11866)

Summary: <media-libs/libemf-1.0.12: Multiple vulnerabilities (CVE-2020-{11863,11864,11865,11866})
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: maintainer-needed, pacho
Priority: Normal
Flags: nattka: sanity-check-
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/
Whiteboard: B3 [noglsa cve]
Package list:
=media-libs/libemf-1.0.12 amd64 x86 ppc ppc64 sparc
Runtime testing required: ---
Bug Depends on: 728806    
Bug Blocks:    

Description GLSAMaker/CVETool Bot gentoo-dev 2020-05-11 17:18:02 UTC
Details forthcoming.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-11 17:20:03 UTC
* CVE-2020-11863

Description:
"libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2)."

* CVE-2020-11864

Description:
"libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2)."

* CVE-2020-11865

Description:
"libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access."

* CVE-2020-11866

Description:
"libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free."
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-11 22:39:10 UTC
*** Bug 724442 has been marked as a duplicate of this bug. ***
Comment 3 NATTkA bot gentoo-dev 2020-06-14 21:08:44 UTC
Unable to check for sanity:

> package masked: media-libs/libemf-1.0.12, by keywords: -arm
Comment 4 NATTkA bot gentoo-dev 2020-06-14 21:13:02 UTC
Unable to check for sanity:

> package masked: media-libs/libemf-1.0.12, by keywords: -arm
Comment 5 NATTkA bot gentoo-dev 2020-06-15 07:20:38 UTC
All sanity-check issues have been resolved
Comment 6 NATTkA bot gentoo-dev 2020-06-15 07:48:33 UTC
Unable to check for sanity:

> package masked: media-libs/libemf-1.0.12, by keywords: -arm
Comment 7 NATTkA bot gentoo-dev 2020-06-15 13:40:47 UTC
Unable to check for sanity:

> package masked: media-libs/libemf-1.0.12, by keywords: -arm
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2020-06-15 21:02:50 UTC
ppc/ppc64 stable
Comment 9 NATTkA bot gentoo-dev 2020-06-16 03:44:56 UTC
All sanity-check issues have been resolved
Comment 10 Rolf Eike Beer archtester 2020-06-16 16:44:39 UTC
sparc stable
Comment 11 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-20 00:44:16 UTC
We'll stable in bug 728806 instead.
Comment 12 NATTkA bot gentoo-dev 2020-06-21 17:16:55 UTC
Unable to check for sanity:

> dependent bug #728806 is missing keywords
Comment 13 NATTkA bot gentoo-dev 2020-07-16 01:08:50 UTC
Unable to check for sanity:

> no match for package: =media-libs/libemf-1.0.12