CVE-2022-27470 (https://github.com/libsdl-org/SDL_ttf/commit/db1b41ab8bde6723c24b866e466cad78c2fa0448): SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file. Upstream report seems to be referring to SDL2-ttf, but reported to SDL-ttf, so presumably both are affected?
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2044b967bf51f919535fa3881663618cd00868e6 commit 2044b967bf51f919535fa3881663618cd00868e6 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-07-19 01:00:34 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-07-19 01:07:20 +0000 media-libs/sdl2-ttf: add 2.20.0 Bug: https://bugs.gentoo.org/843434 Signed-off-by: Sam James <sam@gentoo.org> media-libs/sdl2-ttf/Manifest | 1 + media-libs/sdl2-ttf/sdl2-ttf-2.20.0.ebuild | 38 ++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f2e578801e00c0a195b0d6f72cb69368544db75 commit 7f2e578801e00c0a195b0d6f72cb69368544db75 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-11-11 03:48:59 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-11-11 03:48:59 +0000 media-libs/sdl-ttf: add 2.0.11_p20220525 Upstream aren't making releases anymore (since a long time ago!) for the 1.2.x branch but are kindly doing backports, so let's make a snapshot. The vulnerable (CVE-2022-27470) code doesn't seem to be in 1.2.x - and given upstream are quite good about backporting, the absence of any related commits seems to support that. Bug: https://bugs.gentoo.org/843434 Signed-off-by: Sam James <sam@gentoo.org> media-libs/sdl-ttf/Manifest | 1 + media-libs/sdl-ttf/sdl-ttf-2.0.11_p20220525.ebuild | 51 ++++++++++++++++++++++ 2 files changed, 52 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c6b2fec5a705307d1dd93feaf16295c44346c9c4 commit c6b2fec5a705307d1dd93feaf16295c44346c9c4 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-12-16 05:24:27 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-12-16 06:26:12 +0000 media-libs/sdl2-ttf: drop 2.0.15, 2.0.18-r1 Bug: https://bugs.gentoo.org/843434 Signed-off-by: Sam James <sam@gentoo.org> media-libs/sdl2-ttf/Manifest | 2 -- media-libs/sdl2-ttf/sdl2-ttf-2.0.15.ebuild | 39 ----------------------- media-libs/sdl2-ttf/sdl2-ttf-2.0.18-r1.ebuild | 45 --------------------------- 3 files changed, 86 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=b5ce7374c560b8c8f3b1e47628d9a27c22b9d025 commit b5ce7374c560b8c8f3b1e47628d9a27c22b9d025 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-07-01 05:56:15 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2024-07-01 06:08:53 +0000 [ GLSA 202407-02 ] SDL_ttf: Arbitrary Memory Write Bug: https://bugs.gentoo.org/843434 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202407-02.xml | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+)
