Bug 202354 (CVE-2007-6354)

Summary:	media-gfx/exiftags < 1.01 Multiple vulnerabilities (CVE-2007-{6354,6355,6356})
Product:	Gentoo Security	Reporter:	Robert Buchholz (RETIRED) <rbu>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	graphics+disabled
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://secunia.com/advisories/28110/
Whiteboard:	B2 [glsa]
Package list:		Runtime testing required:	---

Description Robert Buchholz (RETIRED) gentoo-dev

2007-12-15 00:46:41 UTC

Meder Kydyraliev (Google Security) reported vulnerabilities in exiftags:

CVE-2007-6354 illegal memory access
CVE-2007-6355 integer overflow
CVE-2007-6356 infinite loop

Upstream was informed about these issues, no response I know of yet.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2007-12-16 13:30:52 UTC

1.01 is out, resolving these issues:
  http://johnst.org/sw/exiftags/exiftags-1.01.tar.gz

Graphics herd, please bump.

Comment 2 Markus Meier gentoo-dev

2007-12-16 14:17:45 UTC

media-gfx/exiftags-1.01 is in cvs.

Comment 3 Robert Buchholz (RETIRED) gentoo-dev

2007-12-17 01:42:48 UTC

Markus, thanks for the fast bump.

Arches, please test and mark stable media-gfx/exiftags-1.01.
Target keywords : "amd64 ppc x86"

Comment 4 Christian Faulhammer (RETIRED) gentoo-dev

2007-12-17 07:22:32 UTC

x86 stable

Comment 5 Samuli Suominen (RETIRED) gentoo-dev

2007-12-17 16:39:44 UTC

amd64 stable

Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev

2007-12-17 18:52:11 UTC

ppc stable, ready for glsa

Comment 7 Robert Buchholz (RETIRED) gentoo-dev

2007-12-18 01:38:17 UTC

thanks, filed.

Comment 8 Pierre-Yves Rofes (RETIRED) gentoo-dev

2007-12-29 14:07:32 UTC

GLSA 200712-17

Comment 9 Peter Volkov (RETIRED) gentoo-dev

2008-03-06 09:59:30 UTC

Does not affect current (2008.0) release. Removing release.