Summary: | media-libs/libwmf: Flawed malloc implementation allowing denial of service (CVE-2016-9011) | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> | ||||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||||
Status: | IN_PROGRESS --- | ||||||||||
Severity: | minor | CC: | maintainer-needed | ||||||||
Priority: | Normal | ||||||||||
Version: | unspecified | ||||||||||
Hardware: | All | ||||||||||
OS: | Linux | ||||||||||
URL: | https://sources.debian.org/patches/libwmf/0.2.8.4-17/CVE-2016-9011.patch/ | ||||||||||
Whiteboard: | B3 [upstream/ebuild cve] | ||||||||||
Package list: | Runtime testing required: | --- | |||||||||
Attachments: |
|
Description
Sam James
2020-05-22 07:27:55 UTC
New upstream with 0.2.12 release, packaged by several distributions already: https://github.com/caolanm/libwmf/ Those are the patches that would remain (part adapted) for that bump: > "${FILESDIR}"/${PN}-0.2.8.4-build.patch > "${FILESDIR}"/${P}-gdk-pixbuf.patch > "${FILESDIR}"/${PN}-0.2.8.4-libpng-1.5.patch > "${FILESDIR}"/${PN}-0.2.8.4-pngfix.patch > "${FILESDIR}"/${PN}-0.2.8.4-use-freetype2-pkg-config.patch > "${FILESDIR}"/${P}-use-system-fonts.patch > "${FILESDIR}"/${P}-nullptr-crashfix.patch # git master However, build system breaks by running eautoreconf, and I lack the motivation to dig deeper. Created attachment 640866 [details, diff]
libwmf-0.2.12-gdk-pixbuf.patch
Created attachment 640868 [details, diff]
libwmf-0.2.12-use-system-fonts.patch
Created attachment 640870 [details, diff]
libwmf-0.2.12-nullptr-crashfix.patch
Using a snapshot at b175ff18b5d3a7cec1cf5c14b71c7e9c08076405 actually starts building here, but fails out with: In file included from /usr/include/freetype2/freetype/config/ftstdlib.h:166, from /usr/include/freetype2/freetype/config/ftconfig.h:41: ../../src/ipa/ipa/bmp.h: In function 'ldr_bmp_png': ../../src/ipa/ipa/bmp.h:69:28: error: invalid use of incomplete typedef 'png_struct' {aka 'struct png_struct_def'} 69 | if (setjmp (png_ptr->jmpbuf)) | ^~ |