From ${URL} :

In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)

Reference: https://sourceforge.net/p/advancemame/bugs/277/

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
I've added a snapshot with a few vulnerability fixes (no other changes included). Please stabilize.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c62bd168ce711fe757f57ded30f796de27e71a4

commit 8c62bd168ce711fe757f57ded30f796de27e71a4
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2019-03-10 07:26:36 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2019-03-10 07:26:36 +0000

    app-arch/advancecomp: Add 2.2_pre20190301 snapshot, incl. sec fixes

    Bug: https://bugs.gentoo.org/679390
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 app-arch/advancecomp/Manifest                      |  1 +
 .../advancecomp/advancecomp-2.2_pre20190301.ebuild | 47 ++++++++++++++++++++++
 2 files changed, 48 insertions(+)
amd64 stable
x86 stable
Please drop vulnerable.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=72603b4a270dcf4fb949c9d92bd27d00e1932ad5

commit 72603b4a270dcf4fb949c9d92bd27d00e1932ad5
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2019-03-20 13:54:58 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2019-03-20 15:01:32 +0000

    app-arch/advancecomp: Drop vulnerable versions

    Bug: https://bugs.gentoo.org/679390
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 app-arch/advancecomp/Manifest               |  2 --
 app-arch/advancecomp/advancecomp-2.0.ebuild | 45 -----------------------------
 app-arch/advancecomp/advancecomp-2.1.ebuild | 36 -----------------------
 3 files changed, 83 deletions(-)
Thanks!