Summary: | <app-text/mupdf-1.18.0-r3: double free during linearization (CVE-2021-3407) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | johu, sam |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://git.ghostscript.com/?p=mupdf.git;h=cee7cefc610d42fd383b3c80c12cbc675443176a | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: | | Runtime testing required: | --- |
Description
John Helmert III
2021-02-24 02:42:48 UTC
We need to apply the patch right?

(In reply to Sam James from comment #1)
> We need to apply the patch right?

Yes, sorry! No upstream tag with that patch as far as I can tell.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f8610d53861f805bf4c4b6e1366935ad660b141

    commit 6f8610d53861f805bf4c4b6e1366935ad660b141
    Author:     Sam James <sam@gentoo.org>
    AuthorDate: 2021-02-24 16:09:26 +0000
    Commit:     Sam James <sam@gentoo.org>
    CommitDate: 2021-02-24 16:21:44 +0000

        app-text/mupdf: patch CVE-2021-3407

        Bug: https://bugs.gentoo.org/772311
        Package-Manager: Portage-3.0.14, Repoman-3.0.2
        Signed-off-by: Sam James <sam@gentoo.org>

     .../mupdf/files/mupdf-1.18.0-CVE-2021-3407.patch |  51 ++++++++
     app-text/mupdf/mupdf-1.18.0-r3.ebuild | 145 +++++++++++++++++++++
     2 files changed, 196 insertions(+)

Unable to check for sanity:

> no match for package: app-text/mudfp-1.18.0-r3

ppc done

ppc64 done

arm done

arm64 done

x86 done

amd64 done

all arches done

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f75f343ca56b52d513a15df9c8a30082073acebe

    commit f75f343ca56b52d513a15df9c8a30082073acebe
    Author:     Sam James <sam@gentoo.org>
    AuthorDate: 2021-03-04 04:55:38 +0000
    Commit:     Sam James <sam@gentoo.org>
    CommitDate: 2021-03-04 04:55:50 +0000

        app-text/mupdf: remove 1.18.0 (security cleanup)

        Bug: https://bugs.gentoo.org/772311
        Signed-off-by: Sam James <sam@gentoo.org>

     app-text/mupdf/mupdf-1.18.0-r2.ebuild | 144 ----------------------------------
     1 file changed, 144 deletions(-)

New GLSA request filed.

This issue was resolved and addressed in GLSA 202105-30 at https://security.gentoo.org/glsa/202105-30 by GLSA coordinator Thomas Deutschmann (whissi).