Bug 1019328 - VUL-0: CVE-2017-5332, CVE-2017-5333: icoutils: __memcpy_sse2_unaligned(): wrestool killed by SIGSEGV
Status: RESOLVED DUPLICATE of bug 1018756
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 42.2
Hardware: Other Other
Priority: P5 - None, Severity: Normal
Assigned To: Kyrill Detinov
CVSSv3:RedHat:CVE-2017-5333:8.1:(AV...
Reported: 2017-01-11 12:52 UTC by Mikhail Kasimov
Modified: 2019-05-01 13:00 UTC (History)

Description Mikhail Kasimov 2017-01-11 12:52:25 UTC
Refs:
[1] http://seclists.org/oss-sec/2017/q1/56
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1249276
[3] https://bugzilla.opensuse.org/show_bug.cgi?id=1018756

[1]:
===========================================================
> Furthermore I would like to ask if the following two commits from upstream,
> can have as well an identifier assigned:
>
> http://git.savannah.gnu.org/cgit/icoutils.git/commit?id=1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a
>
> http://git.savannah.gnu.org/cgit/icoutils.git/commit?id=1a108713ac26215c7568353f6e02e727e6d4b24a

Yes, but because these are immediately consecutive commits, the CVE
mapping may seem unusual.

Use CVE-2017-5332 for all of 1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a
and also the index correction in
1a108713ac26215c7568353f6e02e727e6d4b24a. In other words, the change
from "entries[c]" to "entries[c-skipped]" in
1a108713ac26215c7568353f6e02e727e6d4b24a cannot have a new CVE ID
because the code was never "shipped" with "entries[c]" in use. There
aren't two independent problems related to establishing a maximum
allowable value of the size variable.

Use CVE-2017-5333 for the separate vulnerability fixed by the
introduction of the "size >= sizeof(uint16_t)*2" test in
1a108713ac26215c7568353f6e02e727e6d4b24a.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
===========================================================
Comment 1 Andreas Stieger 2017-01-11 12:57:40 UTC
Since the maintainer has not started yet and this is openSUSE only... dup

*** This bug has been marked as a duplicate of bug 1018756 ***