Summary: | <app-text/ghostscript-gpl-9.20-r1: Multiple vulnerabilities through bundled media-libs/openjpeg | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | dev-zero |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 596576 | ||
Bug Blocks: |
Description
Thomas Deutschmann (RETIRED)
2017-01-25 15:29:43 UTC
Unbundling openjpeg seems possible (upstream uses 2.1.0), but `base/lib.mak` needs to be patched to make it build with openjpeg 2.1.1+. See https://gitweb.gentoo.org/dev/dev-zero.git/commit/?id=9a914722e7c0b19b244088964e8ac876cda50ce4 for a preliminary version bump to 9.20 OpenJPEG was unbundled in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=521a0bbaf9bea07b4c977156bb5cd3efaded1bb4 as part of bug 596576. All vulnerable versions have been removed. Added to an existing GLSA request. This issue was resolved and addressed in GLSA 201702-31 at https://security.gentoo.org/glsa/201702-31 by GLSA coordinator Thomas Deutschmann (whissi). |