Bug#: 202354
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Robert Buchholz <rbu@gentoo.org>

Description:   Opened: 2007-12-15 00:46 0000
Meder Kydyraliev (Google Security) reported vulnerabilities in exiftags:

CVE-2007-6354 illegal memory access
CVE-2007-6355 integer overflow
CVE-2007-6356 infinite loop

Upstream was informed about these issues, no response I know of yet.

------- Comment #1 From Robert Buchholz 2007-12-16 13:30:52 0000 -------
1.01 is out, resolving these issues:
  http://johnst.org/sw/exiftags/exiftags-1.01.tar.gz

Graphics herd, please bump.

------- Comment #2 From Markus Meier 2007-12-16 14:17:45 0000 -------
media-gfx/exiftags-1.01 is in cvs.

------- Comment #3 From Robert Buchholz 2007-12-17 01:42:48 0000 -------
Markus, thanks for the fast bump.

Arches, please test and mark stable media-gfx/exiftags-1.01.
Target keywords : "amd64 ppc x86"

------- Comment #4 From Christian Faulhammer 2007-12-17 07:22:32 0000 -------
x86 stable

------- Comment #5 From Samuli Suominen 2007-12-17 16:39:44 0000 -------
amd64 stable

------- Comment #6 From Tobias Scherbaum 2007-12-17 18:52:11 0000 -------
ppc stable, ready for glsa

------- Comment #7 From Robert Buchholz 2007-12-18 01:38:17 0000 -------
thanks, filed.

------- Comment #8 From Pierre-Yves Rofes 2007-12-29 14:07:32 0000 -------
GLSA 200712-17

------- Comment #9 From Peter Volkov 2008-03-06 09:59:30 0000 -------
Does not affect current (2008.0) release. Removing release.
