Summary: | media-gfx/exiv2: buffer overflow | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | graphics+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781123 | ||
Whiteboard: | B2 [upstream] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-03-25 16:50:07 UTC
Is upstream even aware of this? (In reply to Michael Palimaka (kensington) from comment #1) > Is upstream even aware of this? As per https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781123#11 , the answer is no I don't know what we're supposed to do about it then. I think this is invalid. The latest comments in the debian bug say that this affects only video support, this is disabled by default and upstream recommends disabling it because they know their video code is insecure. The Gentoo ebuild doesn't enable video either and there is no USE flag for it, so I think everything's fine here. (also I tried and can't reproduce the bug) (In reply to Hanno Boeck from comment #4) > I think this is invalid. > > The latest comments in the debian bug say that this affects only video > support, this is disabled by default and upstream recommends disabling it > because they know their video code is insecure. > > The Gentoo ebuild doesn't enable video either and there is no USE flag for > it, so I think everything's fine here. (also I tried and can't reproduce the > bug) Removing kde from cc. Please add back when there is something to do. As this become stable? Mike Boyle Gentoo Security Padawan (In reply to Michael Boyle from comment #6) > As this become stable? EXIV2_ENABLE_VIDEO is off by default and not enabled by our ebuilds either. @maintainer(s), Per comment4 and comment7, is it okay to close on this bug? Gentoo Security Padawan (jmbailey/mbailey_j) That's what my comment was implying, yes. |