Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 674214 (CVE-2018-18873) - media-libs/jasper: NULL pointer dereference
Summary: media-libs/jasper: NULL pointer dereference
Status: CONFIRMED
Alias: CVE-2018-18873
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/mdadams/jasper/iss...
Whiteboard: B3 [glsa+ cve cleanup]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-01-01 00:14 UTC by D'juan McDonald (domhnall)
Modified: 2019-08-09 20:40 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description D'juan McDonald (domhnall) 2019-01-01 00:14:22 UTC
(https://nvd.nist.gov/vuln/detail/CVE-2018-18873):

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c


Gentoo Security Padawan
(domhnall)
Comment 1 Yury German Gentoo Infrastructure gentoo-dev Security 2019-04-27 20:56:47 UTC
Maintainer(s), 2.0.16 is in tree, please advise if fix is in there and if it is ready to go stable.
Comment 2 Larry the Git Cow gentoo-dev 2019-07-14 10:29:58 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c70fe723dcfe0fabab75f3a76942207018e83e1f

commit c70fe723dcfe0fabab75f3a76942207018e83e1f
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2019-07-14 10:29:20 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2019-07-14 10:29:20 +0000

    package.mask: Last rite media-libs/jasper
    
    Bug: https://bugs.gentoo.org/601068
    Bug: https://bugs.gentoo.org/614028
    Bug: https://bugs.gentoo.org/614032
    Bug: https://bugs.gentoo.org/614566
    Bug: https://bugs.gentoo.org/619120
    Bug: https://bugs.gentoo.org/624988
    Bug: https://bugs.gentoo.org/629286
    Bug: https://bugs.gentoo.org/635552
    Bug: https://bugs.gentoo.org/662160
    Bug: https://bugs.gentoo.org/674154
    Bug: https://bugs.gentoo.org/674214
    Bug: https://bugs.gentoo.org/684826
    Bug: https://bugs.gentoo.org/689784
    Signed-off-by: David Seifert <soap@gentoo.org>

 profiles/base/package.use.mask | 23 +++++++++++++++++++++++
 profiles/package.mask          |  7 +++++++
 2 files changed, 30 insertions(+)
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2019-08-09 20:40:01 UTC
This issue was resolved and addressed in
 GLSA 201908-03 at https://security.gentoo.org/glsa/201908-03
by GLSA coordinator Aaron Bauman (b-man).
Comment 4 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-08-09 20:40:39 UTC
re-opened to track final removal of the package from the tree.