libjpeg-turbo through version 1.5.90 is vulnerable to a divide by zero flaw in the rdbmp.c:start_input_bmp() function. An attacker could exploit this to cause a denial of service via crafted BMP image. Gentoo Security Scout Florian Schuhmacher
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6fd7dd5d9d605685ff7f62bebf6f56fd4dbb8b9 commit a6fd7dd5d9d605685ff7f62bebf6f56fd4dbb8b9 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2018-06-21 13:40:08 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2018-06-21 13:45:31 +0000 media-libs/libjpeg-turbo: Revbump to fix division by zero. Bug: https://bugs.gentoo.org/658624 Package-Manager: Portage-2.3.40, Repoman-2.3.9 .../files/libjpeg-turbo-1.5.3-divzero_fix.patch | 18 ++++ .../files/libjpeg-turbo-1.5.90-divzero_fix.patch | 41 +++++++ .../libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild | 120 +++++++++++++++++++++ ....5.90.ebuild => libjpeg-turbo-1.5.90-r1.ebuild} | 8 +- 4 files changed, 185 insertions(+), 2 deletions(-)
I suggest to stabilize =media-libs/libjpeg-turbo-1.5.3-r1
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee commit 0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee Author: Jason Zaman <perfinion@gentoo.org> AuthorDate: 2018-08-16 11:01:30 +0000 Commit: Jason Zaman <perfinion@gentoo.org> CommitDate: 2018-08-16 11:02:03 +0000 media-libs/libjpeg-turbo-1.5.3-r2: Fix CVE-2018-11813 libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF https://nvd.nist.gov/vuln/detail/CVE-2018-11813 Bug: https://bugs.gentoo.org/658624 Package-Manager: Portage-2.3.40, Repoman-2.3.9 .../files/libjpeg-turbo-1.5.3-cve-2018-11813.patch | 45 ++++++++++++++++++++++ ...5.3-r1.ebuild => libjpeg-turbo-1.5.3-r2.ebuild} | 1 + 2 files changed, 46 insertions(+)
I backported another patch and updated to -r2. Can someone check if more things in the bug need updating
amd64 stable
arm64 stable
sparc done.
x86 stable
ia64 stable
ppc stable
ppc64 stable
arm stable
not yet stabilized for arm, sorry for the noise.
alpha stable. all archs stable
hppa stable
Security cleanup: commit 1ee86697389926cb234fcac5f250cfba1fc289f5 Author: Lars Wendler <polynomial-c@gentoo.org> Date: Thu Feb 28 11:42:45 2019 media-libs/libjpeg-turbo: Removed old. Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
All done, repository is clean. GLSA Vote: No!