Summary: | <media-libs/libquicktime-1.2.4-r3: Multiple vulnerabilities (CVE-2017-{9122,9123,9124,9125,9126,9127,9128}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | asturm, media-video |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | media-libs/libquicktime-1.2.4-r3 |
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 626862 |
Description
GLSAMaker/CVETool Bot
2017-10-19 17:45:19 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8d9d005d305c0d4a8232649e3ec93535c1bacca

commit c8d9d005d305c0d4a8232649e3ec93535c1bacca
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-09-18 14:54:25 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-09-18 15:07:45 +0000

media-libs/libquicktime: Fix CVE-2017-9122..9128

Bug: https://bugs.gentoo.org/634806
Package-Manager: Portage-2.3.49, Repoman-2.3.10

.../libquicktime-1.2.4-CVE-2017-9122_et_al.patch | 151 +++++++++++++++++++++
.../libquicktime/libquicktime-1.2.4-r3.ebuild | 1 +
2 files changed, 152 insertions(+)

This patch supposedly also fixes bug 626862, according to SUSE who took no further action: https://bugzilla.suse.com/show_bug.cgi?id=1051855

An automated check of this bug failed - repoman reported dependency errors (71 lines truncated):
> dependency.bad media-libs/libquicktime/libquicktime-1.2.4-r3.ebuild: DEPEND: ia64(default/linux/ia64/17.0) ['>=media-video/libav-12:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.bad media-libs/libquicktime/libquicktime-1.2.4-r3.ebuild: RDEPEND: ia64(default/linux/ia64/17.0) ['>=media-video/libav-12:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
> dependency.bad media-libs/libquicktime/libquicktime-1.2.4-r3.ebuild: DEPEND: ia64(default/linux/ia64/17.0/desktop) ['>=media-video/libav-12:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?]']
sigh... why is that libav bug broken...

x86 stable

amd64 stable

Stable on alpha.

ppc64 stable

Adding remaining arches.

ia64 stable

ppc stable

sparc stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b9e63a9d14b162ee15c36f94a88453dd73ac2ba

commit 0b9e63a9d14b162ee15c36f94a88453dd73ac2ba
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-11-08 23:03:54 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-11-08 23:03:54 +0000

media-libs/libquicktime: Security cleanup

Bug: https://bugs.gentoo.org/634806
Package-Manager: Portage-2.3.51, Repoman-2.3.12
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

.../libquicktime/libquicktime-1.2.4-r2.ebuild | 132 ---------------------
1 file changed, 132 deletions(-)