722516 – (CVE-2020-11863, CVE-2020-11864, CVE-2020-11865, CVE-2020-11866) <media-libs/libemf-1.0.12: Multiple vulnerabilities (CVE-2020-{11863,11864,11865,11866})

Bug 722516 (CVE-2020-11863, CVE-2020-11864, CVE-2020-11865, CVE-2020-11866) - <media-libs/libemf-1.0.12: Multiple vulnerabilities (CVE-2020-{11863,11864,11865,11866})

Summary: <media-libs/libemf-1.0.12: Multiple vulnerabilities (CVE-2020-{11863,11864,11...

Status:	RESOLVED FIXED

Alias:	CVE-2020-11863, CVE-2020-11864, CVE-2020-11865, CVE-2020-11866

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://sourceforge.net/p/libemf/news...
Whiteboard:	B3 [noglsa cve]
Keywords:

Duplicates (1):	724442 (view as bug list)
Depends on:	CVE-2020-13999
Blocks:
	Show dependency tree

Reported:	2020-05-11 17:18 UTC by GLSAMaker/CVETool Bot
Modified:	2020-07-27 20:26 UTC (History)
CC List:	2 users (show)

See Also:
Package list:	=media-libs/libemf-1.0.12 amd64 x86 ppc ppc64 sparc
Runtime testing required:	---

Flags:	nattka: sanity-check-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2020-05-11 17:18:02 UTC

Details forthcoming.

Comment 1 Sam James archtester

2020-05-11 17:20:03 UTC

* CVE-2020-11863

Description:
"libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2)."

* CVE-2020-11864

Description:
"libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2)."

* CVE-2020-11865

Description:
"libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access."

* CVE-2020-1866

Description:
"libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free."

Comment 2 Sam James archtester

2020-06-11 22:39:10 UTC

*** Bug 724442 has been marked as a duplicate of this bug. ***

Comment 3 NATTkA bot gentoo-dev

2020-06-14 21:08:44 UTC

Unable to check for sanity:

> package masked: media-libs/libemf-1.0.12, by keywords: -arm

Comment 4 NATTkA bot gentoo-dev

2020-06-14 21:13:02 UTC

Unable to check for sanity:

> package masked: media-libs/libemf-1.0.12, by keywords: -arm

Comment 5 NATTkA bot gentoo-dev

2020-06-15 07:20:38 UTC

All sanity-check issues have been resolved

Comment 6 NATTkA bot gentoo-dev

2020-06-15 07:48:33 UTC

Unable to check for sanity:

> package masked: media-libs/libemf-1.0.12, by keywords: -arm

Comment 7 NATTkA bot gentoo-dev

2020-06-15 13:40:47 UTC

Unable to check for sanity:

> package masked: media-libs/libemf-1.0.12, by keywords: -arm

Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev

2020-06-15 21:02:50 UTC

ppc/ppc64 stable

Comment 9 NATTkA bot gentoo-dev

2020-06-16 03:44:56 UTC

All sanity-check issues have been resolved

Comment 10 Rolf Eike Beer archtester

2020-06-16 16:44:39 UTC

sparc stable

Comment 11 Sam James archtester

2020-06-20 00:44:16 UTC

We'll stable in bug 728806 instead.

Comment 12 NATTkA bot gentoo-dev

2020-06-21 17:16:55 UTC

Unable to check for sanity:

> dependent bug #728806 is missing keywords

Comment 13 NATTkA bot gentoo-dev

2020-07-16 01:08:50 UTC

Unable to check for sanity:

> no match for package: =media-libs/libemf-1.0.12