GNU bug report logs - #47622
vigra package is vulnerable to CVE-2021-30046

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Package: guix; Reported by: Léo Le Bouter <lle-bout@HIDDEN>; Keywords: security; dated Tue, 6 Apr 2021 17:22:01 UTC; Maintainer for guix is bug-guix@HIDDEN.
Added tag(s) security. Request was from Léo Le Bouter <lle-bout@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 6 Apr 2021 17:21:58 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 06 13:21:58 2021
Received: from localhost ([127.0.0.1]:41554 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1lTpOn-0005Jy-UP
	for submit <at> debbugs.gnu.org; Tue, 06 Apr 2021 13:21:58 -0400
Received: from lists.gnu.org ([209.51.188.17]:59986)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <lle-bout@HIDDEN>) id 1lTpOn-0005Jr-1s
 for submit <at> debbugs.gnu.org; Tue, 06 Apr 2021 13:21:57 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:33758)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <lle-bout@HIDDEN>)
 id 1lTpOl-0002El-Cr
 for bug-guix@HIDDEN; Tue, 06 Apr 2021 13:21:56 -0400
Received: from mail.zaclys.net ([178.33.93.72]:50337)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <lle-bout@HIDDEN>)
 id 1lTpOi-0002Fa-NU
 for bug-guix@HIDDEN; Tue, 06 Apr 2021 13:21:55 -0400
Received: from guix-xps.local (lsl43-1_migr-78-195-19-20.fbx.proxad.net
 [78.195.19.20] (may be forged)) (authenticated bits=0)
 by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 136HLndW030215
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
 for <bug-guix@HIDDEN>; Tue, 6 Apr 2021 19:21:50 +0200
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 136HLndW030215
Authentication-Results: mail.zaclys.net;
 dmarc=fail (p=reject dis=none) header.from=zaclys.net
Authentication-Results: mail.zaclys.net;
 spf=fail smtp.mailfrom=lle-bout@HIDDEN
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net;
 s=default; t=1617729710;
 bh=LEXZ3DKUXBHQIFkLZ4+6CLGoiiQFXvdGXlJ6PQvlmrE=;
 h=Subject:From:To:Date:From;
 b=pCDgedRqasMf4yN+8ibad6Mt88fMthCcn5k8LrfQp/cC3ETKMFQWkZLcuMEcIbBEd
 gk1ZLa2lyDsv26JhkWS5HeLJa2vi01/twJANbTkHNW0x4KKMh5xOWgTU0Lqs2FDaCh
 MrddPt8j56yTNSZynnACZrb4mjj+JZpgkiDU75Zk=
Message-ID: <49b8011d527a93437436f0e9039f638e6f9a7f12.camel@HIDDEN>
Subject: vigra package is vulnerable to CVE-2021-30046
From: =?ISO-8859-1?Q?L=E9o?= Le Bouter <lle-bout@HIDDEN>
To: bug-guix@HIDDEN
Date: Tue, 06 Apr 2021 19:21:48 +0200
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-DRT/wD3eMAAiJMTR7dKy"
User-Agent: Evolution 3.34.2 
MIME-Version: 1.0
Received-SPF: pass client-ip=178.33.93.72; envelope-from=lle-bout@HIDDEN;
 helo=mail.zaclys.net
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 1.5 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: CVE-2021-30046 15:15 VIGRA Computer Vision Library
 Version-1-11-1
 contains a segmentation fault vulnerability in the impex.hxx read_image_band()
 function, in which a crafted file can cause a denial of [...] 
 Content analysis details:   (1.5 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -2.3 RCVD_IN_DNSWL_MED      RBL: Sender listed at https://www.dnswl.org/,
 medium trust [209.51.188.17 listed in list.dnswl.org]
 1.0 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 0.0 RCVD_IN_MSPIKE_H4      RBL: Very Good reputation (+4)
 [209.51.188.17 listed in wl.mailspike.net]
 0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
 2.8 MAY_BE_FORGED          Relay IP's reverse DNS does not resolve to IP
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)


--=-DRT/wD3eMAAiJMTR7dKy
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

CVE-2021-30046	15:15
VIGRA Computer Vision Library Version-1-11-1 contains a segmentation
fault vulnerability in the impex.hxx read_image_band() function, in
which a crafted file can cause a denial of service.

Upstream issue: https://github.com/ukoethe/vigra/issues/494

No fix provided yet.

--=-DRT/wD3eMAAiJMTR7dKy
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBsmKwACgkQRaix6GvN
EKb12hAAtIgtQdZJxe22xEavnOd2vU/0g1B7BZZ8R55mb8nr4Ds74k4k+ZTyRQrp
a3S8If7l9Pz64xC7lZKzlxKEapGzCTeH+sI+jYcB5vI2DDwLF4Eqeq31KhrMA/Ki
dvoDmSA7AKWRHDDz+hUqzp655fgIGw4t9YG4+gEg3BQOCeG72Q+Hh1sko6VOOiky
j69c/mq8qzQDcG41iVw5SyK6iFafyONz5urMzzfe0D/C0HRFhlYB5+mZ5a3orzye
Q/t5i2fn7fm1q7x07i3/OLqeMtrPrtBQ1SK13rCNXKUaRQtRLwMu84VNCQ6qXoC1
Q7+ahuN8pzDSux6er0bQtKE1DL38nV7RSfyjo+q4dBSKJeotN9V5ZcyMySWUkosz
6uWJh8PX1ZKcAfLKDDujI+sTB8VUQD5RQFNZV1fni1tsNJIBWYgynvmCSWOoHRan
wJM98nVFkejAvDJvOFd2o6VEGOsWVS1qrIlGAc8r3Sk76V3IxLE+eaKpv+VMHalz
B5Vy2F2CT8x4oMe7XMBV0Lbpw/GgtQ03mIXlMWUFIJbrI3ZMKBclornXI8Itw2vH
Hk3wPMLAjwYDpRl+Lv2C88s6OBGSzvUDbgbJ8pTi7YGVnKoJoWqQ6137kxT337PA
NmIWzBqfHxIrYaGgs4o4lp8C1M9yHsZxMXnD2MgC6GSQjjhkcek=
=GhRa
-----END PGP SIGNATURE-----

--=-DRT/wD3eMAAiJMTR7dKy--
Acknowledgement sent to Léo Le Bouter <lle-bout@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#47622; Package guix. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Tue, 6 Apr 2021 17:30:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.