Caolán McNamara and Dom Lachowiczs wv library has been found to contain
a buffer overflow condition that can be exploited through a specially
If an attacker can convince a user to open an exploit document in HTML
mode using an application that builds upon the wv library, it is
possible for the attacker to execute arbitrary code under the privileges
of that user.
iDEFENSE has confirmed the existence of this vulnerability in version
0.7.4, and a slight variant of this vulnerability in versions 0.7.5,
0.7.6 and 1.0.0.
I'm not sure, who's the maintainer in this case - metadata.xml is missing.
forgot the patch url mentioned in the advisory: http://www.abisource.com/bonsai/cvsview2.cgi?diff_mode=context&whitespace_mode=show&root=/cvsroot&subdir=wv&command=DIFF_FRAMESET&root=/cvsroot&file=field.c&rev1=1.19&rev2=1.20
Marinus you have committed the last few new versions will you commit a patched ebuild?
Also you might want to correct HOMEPAGE to point to the SF page.
added the patch + minor USE fix to the ebuild. Bumped to 1.0.0-r1 all stable (the fixes were minor and i guess this needs to go in).
Ready for a GLSA