From ${URL} :

CVE-2017-9988
The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c.
https://github.com/libming/libming/issues/85

CVE-2017-9989
util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack.
https://github.com/libming/libming/issues/86

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Both are fixed in master and a snapshot release has been added for the last commit (20181112) upstream.
GLSA Vote: Yes
This issue was resolved and addressed in GLSA 201904-24 at https://security.gentoo.org/glsa/201904-24 by GLSA coordinator Aaron Bauman (b-man).