(https://nvd.nist.gov/vuln/detail/CVE-2019-3574): In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel. (https://nvd.nist.gov/vuln/detail/CVE-2019-3573): In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fromsixel.c, as demonstrated by sixel2png. @Security, a request was submitted to MITRE to REJECT CVE-2019-3574. See $URL for details. (https://github.com/saitoha/libsixel/issues/83) Gentoo Security Padawan (domhnall)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e37bb40b1098f42fafccb6ebd8fcd4534290b942 commit e37bb40b1098f42fafccb6ebd8fcd4534290b942 Author: Ovidiu-Dan Bogat <4z0r@ovidiu.at> AuthorDate: 2020-02-27 11:40:45 +0000 Commit: Akinori Hattori <hattya@gentoo.org> CommitDate: 2020-03-01 02:01:06 +0000 media-libs/libsixel: version bump to 1.8.6 Reported-by: D'juan McDonald <flopwiki@gmail.com> Bug: https://bugs.gentoo.org/674620 Closes: https://github.com/gentoo/gentoo/pull/14790 Package-Manager: Portage-2.3.84, Repoman-2.3.20 Signed-off-by: Ovidiu-Dan Bogat <4z0r@ovidiu.at> Signed-off-by: Akinori Hattori <hattya@gentoo.org> media-libs/libsixel/Manifest | 1 + media-libs/libsixel/libsixel-1.8.6.ebuild | 49 +++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+)
@maintainer(s): please advise if you are ready for stabilisation or call for stabilisation yourself.
(In reply to Sam James (sec padawan) from comment #2) > @maintainer(s): please advise if you are ready for stabilisation or call for > stabilisation yourself. ping.
CVE-2019-11024 (https://nvd.nist.gov/vuln/detail/CVE-2019-11024): The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87827fc8f7223dbb4f3f09e488131c5f54e4f136 commit 87827fc8f7223dbb4f3f09e488131c5f54e4f136 Author: Akinori Hattori <hattya@gentoo.org> AuthorDate: 2020-04-30 12:58:41 +0000 Commit: Akinori Hattori <hattya@gentoo.org> CommitDate: 2020-04-30 12:58:41 +0000 media-libs/libsixel: drop old Bug: https://bugs.gentoo.org/674620 Package-Manager: Portage-2.3.89, Repoman-2.3.20 Signed-off-by: Akinori Hattori <hattya@gentoo.org> media-libs/libsixel/Manifest | 2 -- media-libs/libsixel/libsixel-1.8.1.ebuild | 49 ------------------------------- media-libs/libsixel/libsixel-1.8.2.ebuild | 49 ------------------------------- 3 files changed, 100 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a944c1ab5e6137f9fc99b37ede3d5049f9dbe729 commit a944c1ab5e6137f9fc99b37ede3d5049f9dbe729 Author: Akinori Hattori <hattya@gentoo.org> AuthorDate: 2020-04-30 12:54:11 +0000 Commit: Akinori Hattori <hattya@gentoo.org> CommitDate: 2020-04-30 12:54:11 +0000 media-libs/libsixel: amd64/x86 stable Bug: https://bugs.gentoo.org/674620 Package-Manager: Portage-2.3.89, Repoman-2.3.20 Signed-off-by: Akinori Hattori <hattya@gentoo.org> media-libs/libsixel/libsixel-1.8.6.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Thanks!