Bug 906520 - media-libs/libmp4v2-2.1.3: please stabilize
Summary: media-libs/libmp4v2-2.1.3: please stabilize
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Stabilization
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Sound Team
URL:
Whiteboard:
Keywords: CC-ARCHES, SECURITY, STABLEREQ
Depends on:
Blocks: CVE-2023-1450, CVE-2023-1451, CVE-2023-29578, CVE-2023-29584
Reported: 2023-05-16 05:44 UTC by Miroslav Šulc
Modified: 2023-05-17 07:13 UTC

See Also:
Package list:
media-libs/libmp4v2-2.1.3
Runtime testing required: ---
nattka: sanity-check+


Description Miroslav Šulc gentoo-dev 2023-05-16 05:44:14 UTC
stabilizing 2.1.3 rather than 2.1.2 because the older version contains some vulnerabilities. it's not clear to me though whether all the vulnerabilities are solved in this version.

commit e2665d7cdcb08c96a1a31bea6b3d9eaf5e1bd333
Author: Miroslav Šulc <fordfrog@gentoo.org>
Date:   Fri May 12 09:27:33 2023 +0200

    media-libs/libmp4v2: bump to 2.1.3
    
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-05-16 06:09:57 UTC
x86 done
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-05-16 06:09:58 UTC
amd64 done
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-05-16 06:27:42 UTC
sparc done
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-05-16 06:27:43 UTC
arm done
Comment 5 Arthur Zamarin archtester Gentoo Infrastructure gentoo-dev Security 2023-05-16 17:04:42 UTC
ppc done
Comment 6 Arthur Zamarin archtester Gentoo Infrastructure gentoo-dev Security 2023-05-16 18:03:09 UTC
ppc64 done

all arches done
Comment 7 Larry the Git Cow gentoo-dev 2023-05-17 07:13:13 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2a2cffd6ad3268b681c1c6978162cee9353c19c

commit d2a2cffd6ad3268b681c1c6978162cee9353c19c
Author:     Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2023-05-17 07:12:56 +0000
Commit:     Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2023-05-17 07:12:56 +0000

    media-libs/libmp4v2: dropped obsolete and vulnerable 2.0.0-r2 & 2.1.2
    
    Bug: https://bugs.gentoo.org/906520
    Bug: https://bugs.gentoo.org/905092
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 media-libs/libmp4v2/Manifest                       |  2 -
 .../files/libmp4v2-2.0.0-CVE-2018-14054.patch      | 35 -------------
 .../files/libmp4v2-2.0.0-CVE-2018-14325.patch      | 60 ----------------------
 .../files/libmp4v2-2.0.0-CVE-2018-14379.patch      | 33 ------------
 .../files/libmp4v2-2.0.0-CVE-2018-14403.patch      | 28 ----------
 .../libmp4v2/files/libmp4v2-2.0.0-clang.patch      | 36 -------------
 .../libmp4v2/files/libmp4v2-2.0.0-gcc7.patch       | 18 -------
 .../files/libmp4v2-2.0.0-mp4tags-corruption.patch  | 20 --------
 media-libs/libmp4v2/libmp4v2-2.0.0-r2.ebuild       | 53 -------------------
 media-libs/libmp4v2/libmp4v2-2.1.2.ebuild          | 32 ------------
 10 files changed, 317 deletions(-)