Bug 717948 (CVE-2019-17371) - <media-gfx/gif2png-2.5.14: Memory leak in writefile() (CVE-2019-17371)
Status: RESOLVED FIXED
Alias: CVE-2019-17371
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords: CC-ARCHES
Depends on: 688702
Blocks:
Reported: 2020-04-17 21:28 UTC by GLSAMaker/CVETool Bot
Modified: 2021-03-16 19:57 UTC

See Also:
Package list:
media-gfx/gif2png-2.5.14
Runtime testing required: ---
nattka: sanity-check+


Description GLSAMaker/CVETool Bot gentoo-dev 2020-04-17 21:28:53 UTC
CVE-2019-17371 (https://nvd.nist.gov/vuln/detail/CVE-2019-17371):
  gif2png 2.5.13 has a memory leak in the writefile function.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-04 01:54:46 UTC
It might just be simpler to package the Go port if the test failure is reproducible: bug 724518.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2021-02-19 01:14:08 UTC
x86 stable
Comment 3 Agostino Sarubbo gentoo-dev 2021-03-01 09:20:23 UTC
amd64 stable
Comment 4 ernsteiswuerfel archtester 2021-03-04 19:23:25 UTC
Looking good on ppc64.

 # cat gif2png-717948.report 
USE tests started on Do 4. Mär 19:35:18 CET 2021

FEATURES=' test' USE='' succeeded for =media-gfx/gif2png-2.5.14
USE='' succeeded for =media-gfx/gif2png-2.5.14
Comment 5 ernsteiswuerfel archtester 2021-03-06 18:30:50 UTC
Looking good on ppc.

 # cat gif2png-717948.report 
USE tests started on Sa 6. Mär 19:27:20 CET 2021

FEATURES=' test' USE='' succeeded for =media-gfx/gif2png-2.5.14
USE='' succeeded for =media-gfx/gif2png-2.5.14
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-06 23:11:13 UTC
(In reply to ernsteiswuerfel from comment #5)
> Looking good on ppc.
> 
>  # cat gif2png-717948.report 
> USE tests started on Sa 6. Mär 19:27:20 CET 2021
> 
> FEATURES=' test' USE='' succeeded for =media-gfx/gif2png-2.5.14
> USE='' succeeded for =media-gfx/gif2png-2.5.14

ppc, ppc64 stable, thanks!
Comment 7 Larry the Git Cow gentoo-dev 2021-03-16 19:56:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=364b7b9d9ca03d1f29826e4a9dbc799da17412e1

commit 364b7b9d9ca03d1f29826e4a9dbc799da17412e1
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-03-16 19:28:31 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-03-16 19:55:45 +0000

    media-gfx/gif2png: drop 2.5.9, 2.5.12
    
    Bug: https://bugs.gentoo.org/717948
    Signed-off-by: Sam James <sam@gentoo.org>

 media-gfx/gif2png/Manifest                         |  2 --
 .../gif2png/files/gif2png-2.5.12-makefile.patch    | 42 ----------------------
 media-gfx/gif2png/gif2png-2.5.12.ebuild            | 37 -------------------
 media-gfx/gif2png/gif2png-2.5.9.ebuild             | 19 ----------
 4 files changed, 100 deletions(-)