Bug 722516 (CVE-2020-11863, CVE-2020-11864, CVE-2020-11865, CVE-2020-11866) - <media-libs/libemf-1.0.12: Multiple vulnerabilities (CVE-2020-{11863,11864,11865,11866})
Summary: <media-libs/libemf-1.0.12: Multiple vulnerabilities (CVE-2020-{11863,11864,11...
Status: RESOLVED FIXED
Alias: CVE-2020-11863, CVE-2020-11864, CVE-2020-11865, CVE-2020-11866
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://sourceforge.net/p/libemf/news...
Whiteboard: B3 [noglsa cve]
Keywords:
Duplicates: 724442
Depends on: CVE-2020-13999
Blocks:
Reported: 2020-05-11 17:18 UTC by GLSAMaker/CVETool Bot
Modified: 2020-07-27 20:26 UTC

See Also:
Package list:
=media-libs/libemf-1.0.12 amd64 x86 ppc ppc64 sparc
Runtime testing required: ---
nattka: sanity-check-


Description GLSAMaker/CVETool Bot gentoo-dev 2020-05-11 17:18:02 UTC
Details forthcoming.
Comment 1 Sam James archtester gentoo-dev Security 2020-05-11 17:20:03 UTC
* CVE-2020-11863

Description:
"libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2)."

* CVE-2020-11864

Description:
"libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2)."

* CVE-2020-11865

Description:
"libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access."

* CVE-2020-1866

Description:
"libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free."
Comment 2 Sam James archtester gentoo-dev Security 2020-06-11 22:39:10 UTC
*** Bug 724442 has been marked as a duplicate of this bug. ***
Comment 3 NATTkA bot gentoo-dev 2020-06-14 21:08:44 UTC
Unable to check for sanity:

> package masked: media-libs/libemf-1.0.12, by keywords: -arm
Comment 4 NATTkA bot gentoo-dev 2020-06-14 21:13:02 UTC
Unable to check for sanity:

> package masked: media-libs/libemf-1.0.12, by keywords: -arm
Comment 5 NATTkA bot gentoo-dev 2020-06-15 07:20:38 UTC
All sanity-check issues have been resolved
Comment 6 NATTkA bot gentoo-dev 2020-06-15 07:48:33 UTC
Unable to check for sanity:

> package masked: media-libs/libemf-1.0.12, by keywords: -arm
Comment 7 NATTkA bot gentoo-dev 2020-06-15 13:40:47 UTC
Unable to check for sanity:

> package masked: media-libs/libemf-1.0.12, by keywords: -arm
Comment 8 Sergei Trofimovich gentoo-dev 2020-06-15 21:02:50 UTC
ppc/ppc64 stable
Comment 9 NATTkA bot gentoo-dev 2020-06-16 03:44:56 UTC
All sanity-check issues have been resolved
Comment 10 Rolf Eike Beer 2020-06-16 16:44:39 UTC
sparc stable
Comment 11 Sam James archtester gentoo-dev Security 2020-06-20 00:44:16 UTC
We'll stable in bug 728806 instead.
Comment 12 NATTkA bot gentoo-dev 2020-06-21 17:16:55 UTC
Unable to check for sanity:

> dependent bug #728806 is missing keywords
Comment 13 NATTkA bot gentoo-dev 2020-07-16 01:08:50 UTC
Unable to check for sanity:

> no match for package: =media-libs/libemf-1.0.12