Summary: | <media-gfx/exiv2-0.26_p20180811-r3: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | graphics+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa++ cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 658236 | ||
Bug Blocks: |
Description
GLSAMaker/CVETool Bot
2018-04-08 21:59:05 UTC
CVE-2018-9303, CVE-2018-9304 do not affect any version in tree. CVE-2018-9145: Fixed by https://github.com/Exiv2/exiv2/pull/316, already part of media-gfx/exiv2-0.26_p20180811-r1. CVE-2018-8977: Fixed by https://github.com/Exiv2/exiv2/pull/260 CVE-2018-8976: Fixed by https://github.com/Exiv2/exiv2/pull/256 CVE-2018-9306: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17724. Reason: This candidate is a reservation duplicate of CVE-2017-17724. CVE-2018-9146: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17724. Reason: This candidate is a reservation duplicate of CVE-2017-17724. CVE-2018-9144: links to https://github.com/Exiv2/exiv2/issues/254, declared duplicate of CVE-2017-17724 by upstream CVE-2018-9305: suspected duplicate of above as well, inquired upstream. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=524916ca71deef81fd09c9514ade715d2b4acfaa commit 524916ca71deef81fd09c9514ade715d2b4acfaa Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-09-21 14:44:33 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-09-21 14:44:33 +0000 media-gfx/exiv2: Tarball respun for CVE-2018-8976, CVE-2018-8977 Custom packed tarball based on upstream 0.26 branch as of 2018-08-11, with additional fixes from git master. Bug: https://bugs.gentoo.org/652822 Package-Manager: Portage-2.3.49, Repoman-2.3.10 media-gfx/exiv2/Manifest | 1 + media-gfx/exiv2/exiv2-0.26_p20180811-r3.ebuild | 123 +++++++++++++++++++++++++ 2 files changed, 124 insertions(+) Cleanup/KDE done here. Arches and Maintainer(s), Thank you for your work. New GLSA Request filed. This issue was resolved and addressed in GLSA 201811-14 at https://security.gentoo.org/glsa/201811-14 by GLSA coordinator Aaron Bauman (b-man). This issue was resolved and addressed in GLSA 201811-14 at https://security.gentoo.org/glsa/201811-14 by GLSA coordinator Aaron Bauman (b-man). |