According to $URL, two releases since the release we have in-tree have had integer overflow fixes:
10.0.4: Fix a handful of integer overflows. This includes cases found by fuzzing as well as having qpdf not do range checking on unused values in the xref stream.
10.0.2: Fix various integer overflows and similar conditions found by the OSS-Fuzz project.
Please bump.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5d7ebe958e82785ecf2ed5428e2a03dac119e29
commit c5d7ebe958e82785ecf2ed5428e2a03dac119e29
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-11-24 10:51:01 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-11-24 10:53:06 +0000
    app-text/qpdf: security bump to 10.0.4
    Bug: https://bugs.gentoo.org/756022
    Package-Manager: Portage-3.0.9, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>
 app-text/qpdf/Manifest | 1 +
 app-text/qpdf/qpdf-10.0.4.ebuild | 57 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+)
x86 stable
arm64 done
amd64 done
arm done
sparc stable
Looking good on ppc.
# cat qpdf-756022.report
USE tests started on Do 10. Dez 10:49:27 CET 2020
FEATURES=' test' USE='' succeeded for =app-text/qpdf-10.0.4
USE='-doc -examples -libressl -ssl' succeeded for =app-text/qpdf-10.0.4
USE='doc -examples -libressl -ssl' succeeded for =app-text/qpdf-10.0.4
USE='doc examples -libressl -ssl' succeeded for =app-text/qpdf-10.0.4
USE='-doc -examples libressl -ssl' succeeded for =app-text/qpdf-10.0.4
USE='doc -examples libressl -ssl' succeeded for =app-text/qpdf-10.0.4
USE='doc examples libressl -ssl' succeeded for =app-text/qpdf-10.0.4
USE='-doc -examples -libressl ssl' succeeded for =app-text/qpdf-10.0.4
USE='doc -examples -libressl ssl' succeeded for =app-text/qpdf-10.0.4
USE='doc examples -libressl ssl' succeeded for =app-text/qpdf-10.0.4
USE='-doc examples -libressl ssl' succeeded for =app-text/qpdf-10.0.4
revdep tests started on Do 10. Dez 11:18:36 CET 2020
FEATURES=' test' USE='' succeeded for net-print/cups-filters
Looking good on ppc64.
# cat qpdf-756022.report
USE tests started on Do 10. Dez 11:27:48 CET 2020
FEATURES=' test' USE='' succeeded for =app-text/qpdf-10.0.4
USE='-doc -examples -libressl -ssl' succeeded for =app-text/qpdf-10.0.4
USE='doc -examples -libressl -ssl' succeeded for =app-text/qpdf-10.0.4
USE='-doc -examples libressl -ssl' succeeded for =app-text/qpdf-10.0.4
USE='doc -examples -libressl -ssl' succeeded for =app-text/qpdf-10.0.4
USE='doc examples -libressl -ssl' succeeded for =app-text/qpdf-10.0.4
USE='-doc -examples -libressl ssl' succeeded for =app-text/qpdf-10.0.4
USE='doc -examples -libressl ssl' succeeded for =app-text/qpdf-10.0.4
USE='-doc examples -libressl ssl' succeeded for =app-text/qpdf-10.0.4
USE='doc examples -libressl ssl' succeeded for =app-text/qpdf-10.0.4
revdep tests started on Do 10. Dez 12:06:16 CET 2020
FEATURES=' test' USE='' succeeded for net-print/cups-filters
~ppc/~ppc64 stable
s390 stable
hppa stable
Please cleanup.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=502279c88919d9107be73fbae3c8b591f83d0d72
commit 502279c88919d9107be73fbae3c8b591f83d0d72
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2021-01-10 15:52:32 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-01-10 15:53:01 +0000
    app-text/qpdf: Security cleanup
    Bug: https://bugs.gentoo.org/756022
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
 app-text/qpdf/Manifest | 3 --
 app-text/qpdf/metadata.xml | 3 --
 app-text/qpdf/qpdf-10.0.1-r2.ebuild | 60 -------------------------------------
 app-text/qpdf/qpdf-9.0.2-r1.ebuild | 59 ------------------------------------
 app-text/qpdf/qpdf-9.1.1-r2.ebuild | 55 ----------------------------------
 5 files changed, 180 deletions(-)
Thanks!
GLSA Vote: No
Nothing to report for us.