app-office/pinpoint is vulnerable to CVE-2013-7447

See tracking bug for details.

## kflaptop pinpoint-0.1.6 # grep -r "cairo_pixels" -- *
pp-cairo.c:  guchar *cairo_pixels;
pp-cairo.c:  cairo_pixels = g_malloc (height * cairo_stride);
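Added example, not part of the bug report and not the patch referenced in the tracking bug: CVE-2013-7447 is an integer overflow, and the grep hit above sizes a buffer with height * cairo_stride. The code assumes both operands are C ints (the page does not show their types) and uses hypothetical function names to contrast the wrapped size with an overflow-checked allocation.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* All function names here are hypothetical; none come from pinpoint or its patch. */

/* What a 32-bit int multiplication leaves behind when the true product does
 * not fit. Done in unsigned arithmetic so the wrap is defined behaviour. */
uint32_t wrapped_int_product(int height, int stride)
{
    return (uint32_t)height * (uint32_t)stride;
}

/* Overflow-checked byte count: 0 on success, -1 on bad dimensions or when
 * height * stride cannot be represented in size_t. */
int checked_pixel_bytes(int height, int stride, size_t *out)
{
    if (height <= 0 || stride <= 0)
        return -1;
    if ((size_t)stride > SIZE_MAX / (size_t)height)
        return -1;
    *out = (size_t)height * (size_t)stride;
    return 0;
}

/* Allocate only when the size is trustworthy; malloc may still fail for a
 * very large but valid size, so the caller must check for NULL. */
unsigned char *alloc_pixels(int height, int stride)
{
    size_t n;
    if (checked_pixel_bytes(height, stride, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed dimensions: the true product is 0x100010000 bytes. */
    int height = 0x10000, stride = 0x10001;
    size_t n = 0;

    printf("wrapped 32-bit size: %u bytes\n", (unsigned)wrapped_int_product(height, stride));
    if (checked_pixel_bytes(height, stride, &n) == 0)
        printf("checked size:        %zu bytes\n", n);
    else
        printf("checked size:        rejected (does not fit in size_t)\n");
    return 0;
}
```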
@gnome could you confirm if package still vulnerable?

Thank you,

Gentoo Security Padawan
ChrisADR
(In reply to Christopher Díaz Riveros from comment #1)
> @gnome could you confirm if package still vulnerable?
>
> Thank you,
>
> Gentoo Security Padawan
> ChrisADR

It is still vulnerable based on the upstream code in pinpoint-0.1.8 and the suggested patch referenced in the tracking bug.
[master 5dd55b83cc7] app-office/pinpoint: Fix CVE-2013-7447 (#574384)
 2 files changed, 83 insertions(+)
 create mode 100644 app-office/pinpoint/files/pinpoint-0.1.8-CVE-2013-7447.patch
 create mode 100644 app-office/pinpoint/pinpoint-0.1.8-r1.ebuild

And it seems to still work for me
x86 stable
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=58d6e1dd9160691073e81d4f7d2a25bf9be4f834

commit 58d6e1dd9160691073e81d4f7d2a25bf9be4f834
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-03-30 13:21:20 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-03-30 13:32:10 +0000

    app-office/pinpoint: amd64 stable

    Bug: https://bugs.gentoo.org/574384
    Package-Manager: Portage-2.3.26, Repoman-2.3.7

 app-office/pinpoint/pinpoint-0.1.8-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a4ea394ad712beac42dd44aea9225a14efcc194d

commit a4ea394ad712beac42dd44aea9225a14efcc194d
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-03 19:09:25 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-03 19:09:25 +0000

    app-office/pinpoint: drop vulnerable

    Bug: https://bugs.gentoo.org/574384
    Package-Manager: Portage-2.3.28, Repoman-2.3.9

 app-office/pinpoint/pinpoint-0.1.8.ebuild | 47 -------------------------------
 1 file changed, 47 deletions(-)