Details at $URL
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE ID: CVE-2016-7392
Summary: Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file.
Published: 2017-02-15T21:59:00.000Z
Fixed via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2fcc7c830301a4ae876393e6ca0e1f74b7deca9f
@ Arches, please test and mark stable:
=media-gfx/autotrace-0.31.1-r8
Hi, it makes no sense to stabilize the package since there is bug 619040. I'd suggest to pmask.
(In reply to Agostino Sarubbo from comment #3)
> Hi, it makes no sense to stabilize the package since there is bug 619040.
>
> I'd suggest to pmask.

I agree. I created a tracker bug. Package should get PMASKED by 2017-06-30.
commit af14a9845810137c82742baf89bf3dd4fcbc9540
Author: Michał Górny <mgorny@gentoo.org>
AuthorDate: Wed Aug 16 12:11:52 2017
Commit: Michał Górny <mgorny@gentoo.org>
CommitDate: Wed Aug 16 12:21:39 2017

    media-gfx/autotrace: Remove last-rited pkg, #620802
This issue was resolved and addressed in GLSA 201708-09 at https://security.gentoo.org/glsa/201708-09 by GLSA coordinator Aaron Bauman (b-man).