Bug 812488 (CVE-2020-19752) - <media-gfx/gifsicle-1.93: NULL pointer dereference (CVE-2020-19752)
Summary: <media-gfx/gifsicle-1.93: NULL pointer dereference (CVE-2020-19752)
Status: RESOLVED FIXED
Alias: CVE-2020-19752
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/kohler/gifsicle/is...
Whiteboard: B3 [noglsa]
Keywords:
Depends on: 828298
Blocks:
Reported: 2021-09-10 19:33 UTC by John Helmert III
Modified: 2021-12-09 21:37 UTC

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III gentoo-dev Security 2021-09-10 19:33:46 UTC
CVE-2020-19752:

The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.

Fix in 1.93.
Comment 1 Larry the Git Cow gentoo-dev 2021-10-17 16:08:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee43bca3e704b05fc7293ea507c6d8133d00a5d9

commit ee43bca3e704b05fc7293ea507c6d8133d00a5d9
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-10-17 14:56:08 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2021-10-17 16:08:19 +0000

    media-gfx/gifsicle: add 1.93
    
    Bug: https://bugs.gentoo.org/812488
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 media-gfx/gifsicle/Manifest             |  1 +
 media-gfx/gifsicle/gifsicle-1.93.ebuild | 31 +++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2021-12-09 21:37:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2e6e6c4c328750744044a5be9cb12830126867b

commit c2e6e6c4c328750744044a5be9cb12830126867b
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-12-09 21:35:36 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2021-12-09 21:36:17 +0000

    media-gfx/gifsicle: drop 1.92
    
    Bug: https://bugs.gentoo.org/812488
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 media-gfx/gifsicle/Manifest             |  1 -
 media-gfx/gifsicle/gifsicle-1.92.ebuild | 32 --------------------------------
 2 files changed, 33 deletions(-)
Comment 3 John Helmert III gentoo-dev Security 2021-12-09 21:37:39 UTC
GLSA vote: no. Closing.