812833 – <media-libs/libexif-0.6.23: Multiple vulnerabilities

Bug 812833 - <media-libs/libexif-0.6.23: Multiple vulnerabilities

Summary: <media-libs/libexif-0.6.23: Multiple vulnerabilities

Status:	IN_PROGRESS

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [glsa?]
Keywords:

Depends on:	817923
Blocks:
	Show dependency tree

Reported:	2021-09-12 23:51 UTC by Sam James
Modified:	2021-10-17 12:39 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2021-09-12 23:51:07 UTC

We patched the other issues (CVEs mentioned in the release notes) in bug 754681, but this wasn't in our snapshot:

"some more denial of service (compute time or stack exhaustion) counter-measures
added that avoid minutes of decoding time with malformed files found
by OSS-Fuzz"

from https://github.com/libexif/libexif/releases/tag/v0.6.23.

Comment 1 John Helmert III archtester

2021-10-16 23:37:12 UTC

Please cleanup.

Comment 2 Michał Górny archtester

2021-10-17 07:16:45 UTC

(In reply to John Helmert III from comment #1)
> Please cleanup.

done.

Comment 3 John Helmert III archtester

2021-10-17 12:39:24 UTC

(In reply to Michał Górny from comment #2)
> (In reply to John Helmert III from comment #1)
> > Please cleanup.
> 
> done.

Thanks!