Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 442152 (CVE-2012-5127) - <media-libs/libwebp-0.2.1: integer overflow (CVE-2012-5127)
Summary: <media-libs/libwebp-0.2.1: integer overflow (CVE-2012-5127)
Status: RESOLVED FIXED
Alias: CVE-2012-5127
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-11-07 04:41 UTC by Mike Gilbert
Modified: 2013-12-10 08:34 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Gilbert gentoo-dev 2012-11-07 04:41:14 UTC
Likely contains a security fix for CVE-2012-5127, see bug 442096.

Please bump.
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-11-09 05:21:31 UTC
I'll have to verify that 0.2.1 contains the fix. Release notes do mention _some_ security fixes. Not sure why upstream is not more precise.
Comment 2 Samuli Suominen gentoo-dev 2012-11-09 08:52:02 UTC
0.2.1 in Portage
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2012-11-09 12:12:32 UTC
CVE-2012-5127 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127):
  Integer overflow in Google Chrome before 23.0.1271.64 allows remote
  attackers to cause a denial of service (out-of-bounds read) or possibly have
  unspecified other impact via a crafted WebP image.
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2012-11-09 18:01:11 UTC
Arch teams, please test and mark stable:
=media-libs/libwebp-0.2.1
Stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 x86
Comment 5 Agostino Sarubbo gentoo-dev 2012-11-10 10:09:23 UTC
amd64 stable
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2012-11-10 18:36:37 UTC
Stable for HPPA.
Comment 7 Anthony Basile gentoo-dev 2012-11-11 02:11:17 UTC
stable arm ppc ppc64
Comment 8 Andreas Schürch gentoo-dev 2012-11-12 20:14:11 UTC
x86 done.
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2012-11-25 18:58:14 UTC
alpha/ia64 stable
Comment 10 Sean Amoss (RETIRED) gentoo-dev Security 2012-11-26 01:30:07 UTC
Thanks, everyone.

New GLSA request filed.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2013-12-10 08:34:50 UTC
This issue was resolved and addressed in
 GLSA 201312-08 at http://security.gentoo.org/glsa/glsa-201312-08.xml
by GLSA coordinator Sergey Popov (pinkbyte).