Description: "libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption."
Patch: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1404/diffs?commit_id=44cbd1e718d6a08e59b9300280c340218a84e089 (thanks leio)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c5ef4bf3c0497dd26da1f97b48e3a4b2e11241e commit 2c5ef4bf3c0497dd26da1f97b48e3a4b2e11241e Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2021-05-25 21:42:08 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2021-05-25 21:42:19 +0000 dev-libs/libcroco: fix CVE-2020-12825 Bug: https://bugs.gentoo.org/722752 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> .../files/libcroco-0.6.13-CVE-2020-12825.patch | 187 +++++++++++++++++++++ dev-libs/libcroco/libcroco-0.6.13-r1.ebuild | 57 +++++++ 2 files changed, 244 insertions(+)
amd64 done
arm64 done
x86 done
arm done
ppc done
ppc64 done
hppa stable
sparc done
Please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2530fef2b523640b7cf3d3195dde3afb23b5f9c commit c2530fef2b523640b7cf3d3195dde3afb23b5f9c Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2021-05-30 19:42:54 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2021-05-30 19:43:29 +0000 dev-libs/libcroco: Drop old versions Bug: https://bugs.gentoo.org/722752 Signed-off-by: Matt Turner <mattst88@gentoo.org> dev-libs/libcroco/libcroco-0.6.13.ebuild | 55 -------------------------------- 1 file changed, 55 deletions(-)
Added to an existing GLSA request.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=2a92e2043bdf43ba9d8813b5b7aca6e24d69f047 commit 2a92e2043bdf43ba9d8813b5b7aca6e24d69f047 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-21 01:34:48 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-21 01:40:47 +0000 [ GLSA 202208-33 ] Gnome Shell, gettext, libcroco: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/722752 Bug: https://bugs.gentoo.org/755848 Bug: https://bugs.gentoo.org/769998 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202208-33.xml | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+)
GLSA released, all done!