CVE-2017-17446 (https://nvd.nist.gov/vuln/detail/CVE-2017-17446): The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file. @Maintainers please call for stabilization when ready. Thank you
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40b2834fc7f78a23f6668d029ee31bb0405ecafc commit 40b2834fc7f78a23f6668d029ee31bb0405ecafc Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-08-22 07:13:02 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-08-22 07:13:02 +0000 media-libs/game-music-emu: 0.6.2 version bump Bug: https://bugs.gentoo.org/650890 Package-Manager: Portage-2.3.48, Repoman-2.3.10 media-libs/game-music-emu/Manifest | 1 + media-libs/game-music-emu/game-music-emu-0.6.2.ebuild | 17 +++++++++++++++++ 2 files changed, 18 insertions(+)
amd64 stable
ppc64 stable
x86 stable
(In reply to Agostino Sarubbo from comment #2) > amd64 stable I don't see it.
ppc stable
Stable on alpha.
arm stable, all arches done.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb6569a8680d2d2548a2127b3a40171e008d9f9d commit bb6569a8680d2d2548a2127b3a40171e008d9f9d Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-09-30 16:12:40 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-09-30 16:13:51 +0000 media-libs/game-music-emu: Security cleanup Bug: https://bugs.gentoo.org/650890 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> Package-Manager: Portage-2.3.50, Repoman-2.3.11 media-libs/game-music-emu/Manifest | 1 - media-libs/game-music-emu/game-music-emu-0.6.1.ebuild | 17 ----------------- 2 files changed, 18 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94f586be667593eabf9fb452ba3a5a1408ff624b commit 94f586be667593eabf9fb452ba3a5a1408ff624b Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-09-30 16:11:04 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-09-30 16:13:51 +0000 profiles: hppa: Stable-mask media-video/ffmpeg[gme] Blocking security cleanup. Bug: https://bugs.gentoo.org/650890 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> profiles/arch/hppa/package.use.stable.mask | 4 ++++ 1 file changed, 4 insertions(+)
GLSA Vote: No Thank you all for you work. Closing as [noglsa].