| Summary: | <media-libs/raptor-2.0.15-r3: heap overflow (CVE-2020-25713) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | IN_PROGRESS --- | | |
| Severity: | minor | CC: | fordfrog, sound |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugs.librdf.org/mantis/view.php?id=650 | | |
| Whiteboard: | B3 [glsa? cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
Sam James
2020-11-13 14:40:39 UTC
We may want to keep an eye on LibreOffice who bundle this upstream?

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=302b7d40ecbd4d456c0f39046a9c078c96e672d8

commit 302b7d40ecbd4d456c0f39046a9c078c96e672d8
Author:     Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2021-04-29 07:55:33 +0000
Commit:     Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2021-04-29 07:55:49 +0000

    media-libs/raptor: fixed CVE-2020-25713

    Bug: https://bugs.gentoo.org/754264
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 ...713-raptor2-malformed-input-file-can-lead.patch | 32 ++++++++++++++++++++++
 ...or-2.0.15-r2.ebuild => raptor-2.0.15-r3.ebuild} |  1 +
 2 files changed, 33 insertions(+)

all tests passed.

before fix:

rapper file.rdf
rapper: Parsing URI file:///home/fordfrog/src/gentoo/raptor/file.rdf with parser rdfxml
rapper: Serializing with serializer ntriples
rapper: Warning - URI file:///home/fordfrog/src/gentoo/raptor/file.rdf:2 - Using node element 'r' without a namespace is forbidden.
_:genid1 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <#l> .
rapper: Warning - URI file:///home/fordfrog/src/gentoo/raptor/file.rdf:2 - Unknown rdf:parseType value '' taken as 'Literal'
Neoprávněný přístup do paměti (SIGSEGV)

after fix:

$ rapper file.rdf
rapper: Parsing URI file:///home/fordfrog/src/gentoo/raptor/file.rdf with parser rdfxml
rapper: Serializing with serializer ntriples
rapper: Warning - URI file:///home/fordfrog/src/gentoo/raptor/file.rdf:2 - Using node element 'r' without a namespace is forbidden.
_:genid1 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <#l> .
rapper: Warning - URI file:///home/fordfrog/src/gentoo/raptor/file.rdf:2 - Unknown rdf:parseType value '' taken as 'Literal'
rapper: Error - - XML parser error: Extra content at the end of the document
rapper: Failed to parse file file.rdf rdfxml content
rapper: Parsing returned 1 triple

revbumped and removed old so you can proceed.

Thank you! Sorry for the delay.

GLSA request filed.

Package list is empty or all packages have requested keywords.