Security vulnerabilities in Wine when handling EMF files

Bug #1764719 reported by Robert Gawlik
Affects | Status | Importance | Assigned to | Milestone
wine (Ubuntu) | Confirmed | Undecided | Unassigned |

Bug Description

============================================================
# Security vulnerabilities in Wine when handling EMF files #
============================================================

Bug Description was moved to attachment advisory.txt

Thank you!!

Best regards,
Robert Gawlik
(Ruhr-Universität Bochum)

Robert Gawlik (rh0) wrote :

Since there were newlines inserted into the bug description, which made it less readable, I attached it as advisory.txt.

description: updated
Robert Gawlik (rh0)
description: updated
Steve Beattie (sbeattie) wrote :

Hi Robert, thanks for the report. Has the upstream wine project been notified? As wine is in universe, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures .

Thanks!

Robert Gawlik (rh0) wrote :

I informed https://launchpad.net/~ubuntu-wine. I can also file a bug report to https://bugs.winehq.org, but I didn't find an option to mark reports as private there, hence everybody would see it. If that's ok, I can still do it.

Steve Beattie (sbeattie) wrote :

Hi Robert, for reports that should be kept embargoed, I believe you can contact Alexandre Julliard <email address hidden> (wine lead developer) and CC: Marcus Meissner <email address hidden> (wine developer and SuSE security contact). Thanks!

Scott Ritchie (scottritchie) wrote :

I already contacted julliard@ out of band, and he's fine with putting the reports public now.

Seth Arnold (seth-arnold) wrote :

Hello Robert, Scott, do you know if CVE numbers have been assigned for these issues yet? Are patches available from upstream?

Thanks

information type: Private Security → Public Security
Robert Gawlik (rh0) wrote :

Hello Seth,

AFAIK there are no CVEs assigned yet. I split the report and finally submitted three bugs today:
https://bugs.winehq.org/show_bug.cgi?id=45104
https://bugs.winehq.org/show_bug.cgi?id=45105
https://bugs.winehq.org/show_bug.cgi?id=45106

Best regards!

Changed in wine (Ubuntu):
status: New → Confirmed
Simon Quigley (tsimonq2)
tags: added: community-security