Potrace 1.14 fixes an invalid memory read and a memory allocation failure: https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/ https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure/
CVE-2016-8685 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8685): The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image.
@ Maintainer(s): Can we already start stabilization of =media-gfx/potrace-1.14?
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself. If nothing in a week, will call for stabilization on May 7th.
Time out on maintainers! Arches, please test and mark stable: =media-gfx/potrace-1.14 Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" Thank you!
amd64 stable
x86 stable
Stable on alpha.
arm stable
sparc stable
ia64 stable
ppc64 stable
ppc stable
Arches, please finish stabilizing hppa Gentoo Security Padawan ChrisADR
hppa stable
Stabilization is complete, thank you arches. @Maintainer(s): Please clean the vulnerable version from the tree. @Security: Please vote on whether a GLSA is needed or not. Gentoo Security Padawan Kivak
GLSA Vote: No. Cleanup tracked in bug #626820