CVE-2018-10775 (https://nvd.nist.gov/vuln/detail/CVE-2018-10775):
NULL pointer dereference in the _fields_add function in fields.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by end2xml.

CVE-2018-10774 (https://nvd.nist.gov/vuln/detail/CVE-2018-10774):
Read access violation in the isiin_keyword function in isiin.c in libbibutils.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by isi2xml.

CVE-2018-10773 (https://nvd.nist.gov/vuln/detail/CVE-2018-10773):
NULL pointer dereference in the addsn function in serialno.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by copac2xml.
Reference: https://sourceforge.net/p/bibutils/home/history_version6/

6.3 6/04/18
    Add bibdiff program
    Fix header guards in iso639_1.h and iso639_3.h (reported by Vaclav Haisman)
    Fix nbib support for bibutils as a library (reported by Vaclav Haisman)
    Add authority="bibutilsgt" for bibutils-recognized genres not in MARC authority
    Switch from GENRE/NGENRE/UGENRE to GENRE:MARC/GENRE:BIBUTILS/GENRE:UNKNOWN
    General cleanups and fixes to cppcheck/clang warnings
    Fix CVE-2018-10773, CVE-2018-10774, CVE-2018-10775

Also, package uses KEYWORDS="~amd64 ~ppc ~x86".

Gentoo Security Padawan (domhnall)
The package in tree is severely outdated...
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9c3adb551b63268fd4011bb1eb14a1018b49ea0

commit d9c3adb551b63268fd4011bb1eb14a1018b49ea0
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2019-01-11 21:23:11 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2019-01-11 21:23:38 +0000

    app-text/bibutils: Version bump

    Closes: https://bugs.gentoo.org/613346
    Closes: https://bugs.gentoo.org/613352
    Bug: https://bugs.gentoo.org/662884
    Package-Manager: Portage-2.3.54, Repoman-2.3.12
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 app-text/bibutils/Manifest            |  1 +
 app-text/bibutils/bibutils-6.7.ebuild | 47 +++++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)