Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 602782 (CVE-2016-10164) - <x11-libs/libXpm-3.5.12: integer overflow
Summary: <x11-libs/libXpm-3.5.12: integer overflow
Status: RESOLVED FIXED
Alias: CVE-2016-10164
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://lists.freedesktop.org/archive...
Whiteboard: A3 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-12-15 19:28 UTC by Matt Turner
Modified: 2017-02-01 02:39 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---
kensington: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matt Turner gentoo-dev 2016-12-15 19:28:46 UTC 
3.5.12 fixes a couple of security issues. There are no CVEs as far as I'm aware.
Comment 1 Tobias Klausmann (RETIRED) gentoo-dev 2016-12-16 10:20:50 UTC 
Stable on alpha.
Comment 2 Agostino Sarubbo gentoo-dev 2016-12-16 10:48:11 UTC 
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2016-12-16 10:48:45 UTC 
x86 stable
Comment 4 Markus Meier gentoo-dev 2016-12-18 16:58:40 UTC 
arm stable
Comment 5 Agostino Sarubbo gentoo-dev 2016-12-19 14:45:36 UTC 
sparc stable
Comment 6 Agostino Sarubbo gentoo-dev 2016-12-19 15:21:03 UTC 
ia64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2016-12-20 09:55:30 UTC 
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2016-12-22 09:43:22 UTC 
ppc64 stable
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2017-01-14 12:26:16 UTC 
Stable for HPPA.
Comment 10 Matt Turner gentoo-dev 2017-01-25 16:16:13 UTC 
Just waiting on arm64@
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-26 15:21:36 UTC 
Thanks, we don't need to wait for arm64 to proceed.

New GLSA request filed.
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2017-01-28 04:08:58 UTC 
arm64 dropped due to being an unstable arch.  Please request stabilization in a new bug which does *not* block this bug.  This will impact cleanup later.

CVE Assignment:

http://seclists.org/oss-sec/2017/q1/190
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2017-01-29 17:02:29 UTC 
This issue was resolved and addressed in
 GLSA 201701-72 at https://security.gentoo.org/glsa/201701-72
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 14 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-29 17:04:30 UTC 
Re-opening for cleanup.

@ Maintainer(s): Please cleanup and drop <x11-libs/libXpm-3.5.12!
Comment 15 Matt Turner gentoo-dev 2017-01-29 17:35:35 UTC 
Vulnerable versions have now been removed in

commit a99914d2265ba3dcb4fa6a4c680ebec84be69083
Author: Matt Turner <mattst88@gentoo.org>
Date:   Sun Jan 29 09:20:26 2017 -0800

    x11-libs/libXpm: Drop vulnerable versions.