Summary: | <media-libs/libmtp-1.1.13: multiple vulnerabilities in ptp* camlib | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | sound |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
media-libs/libmtp-1.1.13
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 623634 |
Description
Agostino Sarubbo
2017-06-28 13:07:51 UTC
@ Arches, please test and mark stable: =media-libs/libmtp-1.1.13 ia64 stable arm stable amd64 stable x86 stable ppc64 stable ppc stable hppa stable Thank you all. GLSA Request filed. Please proceed to clean up the tree. I couldn't find a PoC of Remote Code Execution, and i don't know if having local access to plug the device is considered "remote by enticing" attack. Downgrading to B3 because of the DoS. Security please vote: GLSA Request Vote: No @sound, can this be cleaned? Tree is clean: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a675141ca41b8533e16d8f513129d5c592d993f Coordinated with Soap via IRC. |