From ${URL}:
Hi,
Even with the patch for CVE-2015-3258 in version 1.0.70 it was possible to trigger an integer overflow leading to a heap-based buffer overflow using the same vector (specially crafted line sizes). The integer overflow has been assigned CVE-2015-3279 and is fixed in version 1.0.71. Apart from that, the patch also hardens against possible crashes due to missing calloc() success checks.
Patch: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365
Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1238990
+*cups-filters-1.0.71 (03 Jul 2015) + + 03 Jul 2015; Andreas K. Huettel <dilfridge@gentoo.org> + +cups-filters-1.0.71.ebuild: + Version bump, bug 553836 +
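Review bot: the ChangeLog entry reads only "Version bump, bug 553836" and does not say that 1.0.71 is the release carrying the CVE-2015-3279 fix. Suggest naming the CVE in the entry, for example "Version bump for CVE-2015-3279, bug 553836", so the security relevance of the bump is visible from the ChangeLog without opening the bug.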
Arches please stabilize net-print/cups-filters-1.0.71 Target: all stable arches
Stable for HPPA PPC64.
Stable on alpha.
amd64 stable
arm stable
stable for ppc.
x86 stable
CVE-2015-3279 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3279): Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.
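The class of fix described above (an overflow-checked buffer size plus a calloc() success check), as an added example that is not the cups-filters patch and does not reproduce filter/texttopdf.c. The cell_t type, the function names and the MAX_COLS/MAX_LINES caps are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical page cell; not the texttopdf data structure. */
typedef struct { uint16_t ch; uint16_t attr; } cell_t;

/* Constructed policy caps for the example. */
#define MAX_COLS  4096u
#define MAX_LINES 4096u

/* Size as plain 32-bit arithmetic computes it: wraps modulo 2^32. */
uint32_t naive_page_bytes(uint32_t cols, uint32_t lines)
{
    return cols * lines * (uint32_t)sizeof(cell_t);
}

/* Overflow-checked size. Returns 0 and sets *out, or -1 if the product
 * cols * lines * sizeof(cell_t) is zero or does not fit in size_t. */
int checked_page_bytes(uint32_t cols, uint32_t lines, size_t *out)
{
    size_t n;
    if (cols == 0 || lines == 0) return -1;
    if ((size_t)cols > SIZE_MAX / lines) return -1;
    n = (size_t)cols * lines;
    if (n > SIZE_MAX / sizeof(cell_t)) return -1;
    *out = n * sizeof(cell_t);
    return 0;
}

/* Allocate a zeroed page, or return NULL on bad dimensions or OOM.
 * calloc() checks its own nmemb * size product, but not a count the
 * caller already wrapped, so the count is validated before the call. */
cell_t *alloc_page(uint32_t cols, uint32_t lines)
{
    size_t bytes;
    if (cols > MAX_COLS || lines > MAX_LINES) return NULL;
    if (checked_page_bytes(cols, lines, &bytes) != 0) return NULL;
    return calloc(bytes / sizeof(cell_t), sizeof(cell_t));
}

int main(void)
{
    cell_t *page = alloc_page(80, 66);   /* the success check the advisory mentions */
    if (page == NULL) { fputs("page allocation failed\n", stderr); return 1; }
    printf("naive size for 0x40000001 x 1: %u bytes\n",
           (unsigned)naive_page_bytes(0x40000001u, 1u));
    free(page);
    return 0;
}
```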
ia64 stable
sparc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Maintainer(s), Thank you for cleanup. Added to an existing GLSA Request. Maintainer(s), please drop the vulnerable version(s).
Cleanup done.
This issue was resolved and addressed in GLSA 201510-08 at https://security.gentoo.org/glsa/201510-08 by GLSA coordinator Kristian Fiskerstrand (K_F).